Depending on the organization’s business, there may be several laws that govern the protection of information

• California Database Breach Notification Act  (SB1386)
• Computer Security Act of 1987
• Computer Fraud and Abuse Act of 1986
• European Union Data Privacy Directive

ASCA – Administrative Simplification Compliance Act

• Addresses Transactions and Code Sets
• Allows a covered entity, other than small health plans, to apply for a 12 month extension
• Testing is required by April 15, 2003

Privacy Modification NPRM

• Simplifies implementation requirements for Privacy regulation, but doesn’t change date
• Adoption or modification expected in August
• Does not effect our product positioning, but could effect policies.

The Risk Mitigation

Information Risk Analysis

• Identify what your business data is worth to you

Security Policy

• Clearly document your security objectives

Accountability

• Have senior people responsible for information security

Investment

• Make cost-effective resource commitments to information security 

To name a few what others should be considered?