This week, Iâ€™d like to give you a short list of laws/regulations/rules and ask you to select one for your primary post, and comment on them in your response posts. For each, assume that your organization is subject to that law or regulation.
* HIPAA â€“ covering security and privacy associated with healthcare information.
- PCIDSS â€“ covering information relating to payment (debit/credit) cards
- GDPR â€“ the European Unionâ€™s General Data Protection Regulation
- CCPA â€“ the California Consumer Privacy Act (which goes into effect in 2020).
How does the law/regulation/rule youâ€™ve selected impact the development of an ISMS? Where in the development/operation/auditing of an ISMS do you see the selected law/regulation/rule having a large or small (or no) effect?