Sanctions for Regulatory Non-Compliance
August 21, 2010

There are penalties for stakeholders; the CISO is liable.
The first column indicates the year when the regulation came into existence.
The next column shows the maximum fine. As you can see, there are some hefty fines associated with non-compliance.
This is driving behaviour.
The next column shows the imprisonment associated with non-compliance with each of these regulations. This is also driving behaviour.
The last column shows the other negative consequences of non-compliance.
For PCI, rescinding the right to accept credit card data is devastating. It is much worse than any fine that Visa / MasterCard could impose.
| Regulation | Date of introduction | Fine | Imprisonment | Industry |
|---|---|---|---|---|
| HIPAA | 1996 | $250,000 | 10 years | Health |
| GLBA | 1999 | $100,000 per incident | 5 years | Financial |
| PCI | 2005 | $500k per incident + $100k if VISA is not notified | None—Rescind the right to accept credit card payments | Credit Card Security |
Others to consider:
AR 335–15, Management Information Control System
DA Pam 25–1–1, Information Technology Support and Services
DODD 5015.2, Department of Defense Records Management Program
https://www.bestitdocuments.com/Samples