by Abbie Lundberg

Patriot Act, Sarbox, GLB, HIPAA Mean New Risks for CIOs

Apr 15, 2003

CIOs today find themselves having to navigate a changing landscape of new legislative and regulatory directives that affect IT and business. Sarbanes-Oxley, Gramm-Leach-Bliley, HIPAA regulations and the USA Patriot Act all force CIOs to reexamine data and customer privacy policies, security controls and data accessibility. In many cases, they also require significant new investments in information infrastructures in order to comply.

To help CIOs through this growing field of legislative land mines, CIO is launching a new series, “Playing By New Rules: Your Risks and Responsibilities.” The first article in the series, “What to Do When Uncle Sam Wants Your Data,” by Staff Writer Ben Worthen, focuses on the implications of the Patriot Act, in particular Section 215, which addresses requirements for sharing data and records with federal agents involved in terror investigations.

Most conscientious citizens are eager to help the government in its fight against terrorism. In fact, in a survey of almost 800 security professionals by CIO’s sister publication, CSO, 41 percent of respondents said they were willing to share information about their customers, employees or business partners with government or law enforcement agencies without a court order if they believed it was in the interest of national security.

But that approach can land you in court, as the safe harbor provision applies only to companies that receive a court order. Besides, laws can be repealed. But once you’ve broken trust with your customers, do you really expect to get them back?

In a recent speech to privacy professionals, Richard Armey, the former Republican House Majority Leader from Texas, urged businesses not to roll over to law enforcement when it comes to customer information. “Every bit of it was given to you by someone who trusted you to handle it responsibly, on a contractual basis, explicit or otherwise,” he said. “I take it as your responsibility to protect data against the coercive intrusions of government.”

To find out how the new antiterrorism laws will affect you, how to shield your company from potential litigation and bad publicity, and what infrastructure improvements might be required, please turn to Page 56.

The next article in the series will address the implications of the Sarbanes-Oxley Act. Look for it in our May 15th issue.