Information security acts have been established with the intent to protect the rights of all citizens. Specifically, to enhance privacy and confidentiality, models have been developed to aid organizations in securing citizens’ private information and in attaining assurance over its security. Legislation must be continuously updated to adapt to the growing use of technology and its effects on the storage and use of personal information. Public and private sector organizations must abide by government-mandated legislation regarding information security and risk management.
Several statutes have been enacted in order to uphold the fundamental right to privacy of an individual’s information. In particular, these laws pertain to what is known as personally identifiable information (PII). PII should always be protected by means of encryption and additional security measures, not only when it is being transmitted across the internet but also when it is being stored locally on a server. Many of these security- and risk-oriented rulings mandate requirements for securing individuals’ personal information. Some of the acts and models even go as far as to designate how an organization must respond to, and notify affected parties of, personal data breaches. This area is one that, especially in the midst of the ever more prevalent and expansive impact of recent breaches, this author opines is particularly pertinent to address, because the risks to an individual’s right to privacy cannot be overstated. Jones (2007) exceptionally states the significance of these guiding principles:
Organisations need to deal with (treat) the management of information security risks in a manner that gives confidence to all parties that are involved. Risk management processes should be able to be modelled, be repeatable and provide an auditable trail that is of a level suitable to satisfy the regulatory requirements. The audit trail has two main uses — satisfying the legal and regulatory requirements for traceability, and allowing for the review of the decisions that have been made so that modelling can be undertaken to determine the optimal set of risk treatment measures to meet the needs of the organisation. (p. 36)
To ensure that the security of citizens’ private information is effectively protected, information risk legislation and models have been ordained in order to mitigate cyber threats and security risks.
Effectiveness of Legislation
The various acts that have been sanctioned often focus on addressing how the PII of individuals should be handled and what security measures should be implemented to ensure the safekeeping of such private data. Some of the most well-known and far-reaching examples of such legislation include the Federal Information Security Management Act (FISMA), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), and the Sarbanes-Oxley Act (SOX). In...