Compliance, Privacy, and Security are notably different. What does each of these include? Who in the organization is responsible for administering each of these? What regulations might apply to each?
Compliance

Compliance can be defined as the state in which all the rules and regulations imposed by the organization are being followed properly (Gasior, 2020). It can also be understood as the process through which the organization ensures that all the resources in it are abiding by the rules they have set up. Compliance can be implemented level-wise. For example, in a financial organization there can be two levels, internal and external (What is Compliance?, 2020). Level 1 deals with the rules that are set up by considering the organization as one entity. Level 2 compliance will be related to controlling the internal systems.

The compliance officer will be responsible for administering all the activities related to compliance in an organization. The duty of the compliance officer is to work with the employees and the management to identify the risk that the organization can be prone to. His/her objective is to make sure that all the systems are in the control of the organization, with sufficient management of risks. The responsibility of the officer is to offer services to the organization in-house to effectively manage the business areas to be compliant with the rules that are set up.

The number of rules that an organization needs to be compliant with is increasing. To avoid the complexity in managing them, they can be grouped based on the category they control. This type of compliance is termed regulatory compliance. Based on the applicable regulation, requirements should be determined. Once done, they need to be documented and applied in the organization, along with monitoring them for any update if required.

Some of the regulations that come under compliance are as follows (Rouse, n.d.):

- Dodd-Frank Act
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
- Federal Information Security Management Act (FISMA)
- Sarbanes-Oxley Act (SOX)
- EU’s General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)

Privacy

Privacy can be understood as the information or resources that are owned by people or the organization secluded from others. An organization can have data related to customers which is treated as private to them. Such information, when being stored, processed or analyzed, should abide by the privacy policies of its owners. The organization should be in a position to develop, implement and update the privacy policies, which makes sure that all the rules that are applicable to such information are followed. When privacy is considered in relation to data, the data protection officer will be responsible for administering the operations that need to be carried out to be compliant with the privacy policies (Vellenueve, 2019).

The regulations that need to be applied under privacy are providing complete privacy to the information owned by the individuals and the organization, and proactive prevention of any suspicious activities happening or threats that the resources are prone to. Some of them are:

- Privacy and Personal Information Protection Act (PPIP Act): ensures that all the personal information being stored, processed and analyzed abides by information protection principles (A guide to privacy laws in NSW, 2019).
- The Health Records Information Privacy Act 2002 (HRIP Act): ensures that all the health information being stored, processed and analyzed abides by health privacy principles (A guide to privacy laws in NSW, 2019).

Security

Security in an organization includes security policies, procedures and guidelines that are documented. These ensure that the information related to the clients in the organization has confidentiality, integrity and availability by making use of the security policies defined. Security personnel of the organization will be responsible for handling all the activities that the organization needs to carry out in ensuring security. The regulations that can come under security could be not allowing unauthorized users to access sensitive data, and that authorized users should not be able to modify any data or resource state improperly.

Some of the regulations and laws that are applicable to security are as follows (The security laws, regulations and guidelines directory, 2012):

- Sarbanes-Oxley Act (SOX)
- Payment Card Industry Data Security Standard (PCI DSS)
- Gramm-Leach-Bliley Act (GLB Act)
- Electronic Fund Transfer Act, Regulation E (EFTA)
- Customs-Trade Partnership Against Terrorism (C-TPAT)
- Free and Secure Trade Program (FAST)
- Children’s Online Privacy Protection Act (COPPA)
- Fair and Accurate Credit Transaction Act (FACTA)

References

A guide to privacy laws in NSW. (2019). Retrieved from Information and Privacy Commission: https://www.ipc.nsw.gov.au/guide-privacy-laws-nsw

Gasior, M. (2020). What Is Corporate Compliance and Why It’s Important. Retrieved from PowerDMS: https://www.powerdms.com/blog/what-corporate-compliance-is-why-compliance-is-important/#:~:text=The%20definition%20of%20compliance%20is,apply%20to%20your%20organization%20and

Rouse, M. (n.d.). regulatory compliance. Retrieved from Tech Target: https://searchcompliance.techtarget.com/definition/regulatory-compliance#:~:text=Examples%20of%20regulatory%20compliance%20laws,EU’s%20General%20Data%20Protection%20Regulation%20(

Tailor, L. (2001). Read your firewall logs! Retrieved from ZDNet: https://www.zdnet.com/article/read-your-firewall-logs-5000298230/

The Need for Comprehensive Firewall Logs Analyzer Application. (2018). Retrieved from Firewall Logs Monitoring: https://www.manageengine.com/products/firewall/firewall-logs.html

The security laws, regulations and guidelines directory. (2012). Retrieved from CSO: csoonline.com/article/2126072/compliance-the-security-laws-regulations-and-guidelines-directory.html

Vellenueve, L. (2019). Who’s Responsible for Protecting Our Privacy? Retrieved from ASIS: https://www.asisonline.org/security-management-magazine/monthly-issues/security-technology/archive/2019/September/whos-responsible-for-protecting-our-privacy/

What is Compliance? (2020). Retrieved from ICA- International Compliance Association: https://www.int-comp.org/careers/your-career-in-compliance/what-is-compliance/

Compliance is ensuring that an organization understands and obeys security procedures and regulations in place. All members of an organization are responsible for administering compliance to guarantee that guidelines are being followed.

Privacy is securing information and protecting data. HIPAA (Health Insurance Portability and Accountability) is a big part of privacy as well. Security administrators are responsible for administering privacy in an organization because they monitor and analyze everything in the network and report suspicious activity. They also prevent and deter attacks from happening.

When analyzing security, you have to entail the C-I-A triad. The three tenets of information security are confidentiality, integrity, and availability. Confidentiality is the assurance that information cannot be accessed or viewed by unauthorized users, integrity is the assurance that information cannot be changed by unauthorized users, and availability is the assurance that information is available to authorized users in an acceptable time frame when the information is requested (Solomon, 2021). Everyone in an organization is in a sense responsible for security because it is everyone’s duty to ensure smooth operations within an organization. Everyone has a role and must play their part.

For privacy and security, the excerpts of names, DOB (date of birth) and telephone numbers may be regulations applied. As for compliance, regular updates of software and mandatory trainings may be regulations.

Solomon, Michael G. (2021). Security Strategies For Windows Platforms & Applications.
