Legal Requirements regarding Data Privacy and Security

Q.   Are there any resources that can be helpful in identifying legal requirements related to privacy and data security?

Like any legislation, requirements around data security, privacy, breaches, etc. can vary widely across different regions. It is important to know and thoroughly understand the applicability of all data related legal requirements specific to the jurisdictions in which your facility operates and the operations performed.  Where the requirements are unknown or there are questions about their application, it may be necessary to consult with somebody with specialized knowledge of the requirements.

Also note that legal requirements can change over time, so it is important to maintain methods to stay apprised of any new or modified requirements.  And of course, the application of the requirements can change as a result of changes in operations, so be sure to reassess applicability in light of proposed operational changes.

The following resources may provide a useful starting point in identifying some general information on data requirements:

• • https://iapp.org/resources/article/global-comprehensive-privacy-law-mapping-chart/
  • https://iapp.org/resources/article/us-state-privacy-legislation-tracker/
  • https://www.datasanitization.org/data-sanitization-regulations/