How to keep up with Federal & Local data security laws?
January 8, 2015 8:10 AM Subscribe
I work with (and perform IT functions for) a small direct mail house in the heart of New England. My supervisor has tasked me with keeping up on new and changed laws and regulations regarding data security in the states that we operate in (MA, ME, NH, VT) as well as federally. Is it too much to hope that there's a website that specializes in this?
This might not be so daunting of a task if I had a law background, but I do not. Are there services for businesses to be informed of these kind of changes? Do other IT departments have to do this (the research, not the implemntation), or is that generally farmed out to a legal entity?
As far as I'm aware, we're fully in compliance with all relevant laws and regulations as of now. I'm being tasked with staying on top of this for future changes.
Thank you in advance!
This might not be so daunting of a task if I had a law background, but I do not. Are there services for businesses to be informed of these kind of changes? Do other IT departments have to do this (the research, not the implemntation), or is that generally farmed out to a legal entity?
As far as I'm aware, we're fully in compliance with all relevant laws and regulations as of now. I'm being tasked with staying on top of this for future changes.
Thank you in advance!
Response by poster: "Your best bet is to not try to stay on top of the law and legal precedent, but instead to exceed the regulations by implementing best practices in data handling wherever possible."
And we are doing our best to do just that, just as a matter of course. But we don't want to be blind sided if something quirky does come up down the line that is suddenly required by law for no apparent reason.
That UCF site looks interesting, I'll look at that, thank you! I get the feeling from a quick once-over that it's more concerned with auditing tools than with actual regulation information though (of course, I could be wrong, and will look into it further).
posted by TrueVox at 8:27 AM on January 8, 2015
And we are doing our best to do just that, just as a matter of course. But we don't want to be blind sided if something quirky does come up down the line that is suddenly required by law for no apparent reason.
That UCF site looks interesting, I'll look at that, thank you! I get the feeling from a quick once-over that it's more concerned with auditing tools than with actual regulation information though (of course, I could be wrong, and will look into it further).
posted by TrueVox at 8:27 AM on January 8, 2015
Consider joining the International Association for Privacy Professionals. Their daily newsletters and updates are an excellent resource, as is the members mailing lists.
posted by JakeWalker at 11:37 AM on January 8, 2015
posted by JakeWalker at 11:37 AM on January 8, 2015
Response by poster: Thank you, Jake Walker! That looks like a great resource! I'll look into it!
posted by TrueVox at 1:37 PM on January 8, 2015
posted by TrueVox at 1:37 PM on January 8, 2015
Here's a fairly recent list of links to state data privacy laws. To keep up with new developments, I'd find a law firm that specializes in the subject and see if they offer a newsletter or similar.
posted by schoolgirl report at 4:39 AM on January 9, 2015
posted by schoolgirl report at 4:39 AM on January 9, 2015
Response by poster: Whoops, just realized I never said thank you for your input! I'm still trying to wade through all of these, but thanks for one more!
posted by TrueVox at 9:12 AM on January 16, 2015
posted by TrueVox at 9:12 AM on January 16, 2015
« Older Help me improve my script learning technique. | Juggling job offers and timelines - help! Newer »
This thread is closed to new comments.
As you realize, you are not a lawyer. Your best bet is to not try to stay on top of the law and legal precedent, but instead to exceed the regulations by implementing best practices in data handling wherever possible.
posted by bfranklin at 8:18 AM on January 8, 2015