Summary
This chapter addressed compliance and surveyed some of the major statutes across the globe that seek to protect the consumer data that companies collect, store, and use. It provided insight into statutes such as GDPR, HIPAA, the HITECH Act, COPPA, the EFTA, PIPEDA, Sarbanes-Oxley, the CCPA, and FISMA. All these laws require companies and agencies to put mechanisms in place that ensure the safety of the data they collect, store, and use. They also ensure that companies use data only for the purposes that were initially stated, and they outline penalties for companies that fail to comply. The CISO's role is to ensure that their organization is compliant with the regulations that govern its operations.
The next chapter will address the role of CISOs in human resource management.