Are we on the verge of a new wave of cybersecurity regulation? For many years, organizations involved in healthcare, financial services and other industries that deal with sensitive information built compliance programs around federal laws governing their activities. Recent cybersecurity regulatory moves by New York State may foreshadow a new trend toward state cybersecurity regulations that have many IT compliance experts worried.

IT compliance experts are already quite familiar with the alphabet soup of federal regulations. HIPAA, SOX, GLBA, FERPA, HITECH and other acronyms already produce countless hours of assessments and documentation. Even the vaunted PCI DSS has national status, even though it may not be federal law. Until now, the states haven’t done much outside the limited scope of data breach notification laws.

Read the full article: New Wave of State Compliance Mandates

Published July 2015 on SearchSecurity.com