ABSTRACT
Organizations, large and small, have been sensitized to the need for information security due to the widespread media coverage of the breaches over the past several years. Companies do not want to be in the headlines for these breaches. Instead of focusing on what security technologies need to be in place to protect everything at the same level, the focus on data protection will lead the organization to decide what information is important for running the business, which should have access to it, and how it is protected. The protection of information concerning individuals is commonly referred to as privacy law in the United States and some other countries, and data protection law in the European Union. While most countries have implemented privacy laws, many of the principles contained in the current laws dated back to specifications created many years ago.
