Regulatory Compliance


Regulatory compliance imposes externally determined requirements on companies in certain industries or when processing certain types of data.

  • regulations might dictate:
    • the type of controls that must be deployed
    • the type and frequency of audits
  • a compliance audit is run by external auditors to verify that an org is meeting the requirements of the regulations

Personal Data and the General Data Protection Regulation

Personally identifiable information (PII) is data that can be used to identify, contact, locate, or describe an individual.

Privacy is the concept that the collection and processing of personal information must be both secure and fair.

Data Locality

Data sovereignty refers to a jurisdiction preventing or restricting processing and storage from taking place on systems that do not physically reside within that jurisdiction.

  • e.g., GDPR applies to any EU citizen while they are within the EU or the European Economic Area
  • may require implementing data locality policies and tools

Data locality establishes storage and processing boundaries based on national or state borders.

  • most cloud storage and processing tools offer data locality controls
  • e.g., a healthcare database hosted in the cloud
    • could prevent an administrator from replicating data to any datacenter outside the US

Payment Card Industry Data Security Standard