CHAPTER 2
Overview of U.S. Compliance Laws

TO STAY COMPLIANT WITH REGULATIONS means you must interpret the regulation. Equally important, you must understand how regulators interpret the laws. Ultimately, court cases and judges decide if a company is compliant, but regulatory compliance cases rarely come to court for a ruling. The vast majority of the time, company representatives will demonstrate compliance through the appropriate regulator. Consequently, three core tenets of sustaining compliance are understanding the norms of the industry for compliance, having a good working relationship with regulators, and being able to evidence compliance.

A researcher from Harvard Business School published a study in 2021 that indicated the market impact of the Internet on the U.S. gross domestic product was $2.45 trillion, an eightfold increase from $300 million in 2008. The study was commissioned by the Interactive Advertising Bureau (IAB). The study found that the Internet economy grew seven times faster than the total U.S. economy during the past four years at a rate of 22% per year.

The Internet economy is driven through the exchange of personal information as well as goods and services. No government can sit on the sidelines with so much at stake, such as personal privacy and the economic impact, to name a few. State governments and the federal government establish laws (referred to as “regulations”) that define how to control, handle, share, and process sensitive information that this Internet economy relies on. Much of that information is about you! “Regulators” are the individuals who help enforce these rules. Industries also try to “self-regulate,” which means they create standards their members must follow. Failure to follow regulations or industry standards can result in fines or limits placed on the ability to operate. Gross violations of regulations can be seen as a violation of criminal law. These violations can result in the arrest of company officers and potential jail time.

In this chapter, we discuss major government laws and their compliance requirements. When we refer to regulations in this chapter, we mean those that relate to U.S. laws. We see how these requirements will influence security policies. We examine major drivers for the regulations and the importance of protecting personal privacy. Many industry standards and government regulations affect information technology (IT) operations. Remember, each country has its own laws and regulations. Thus, the number of compliance laws and regulations expands greatly. Keep in mind that we are only scratching the surface. Other compliance regulations exist and are often specific to a particular industry.
