Dependent on what industry you operate in will dictate the regulations and policies that your organization is bound by. These compliance policies are normally in addition to governmental laws that protect the data piracy we discussed earlier. As soon as you become a data owner, that is you begin to hold data on your clients, you are bound by law to take appropriate care of it. Many businesses must meet regulations that exist for their specific industry and we'll see some examples soon. In addition to country laws, there may be local laws and regulations in place.
Companies may also have their own guidelines to which they wish to adhere to, which is normally written in the security policy handbook and issued to all employees. We mentioned that there are some regulations and laws that seek to place the responsibility of the data security on the organization that owns the data. These include the Sarbanes-Oxley Act, which stipulates that the CFO and CEO are jointly responsible for the company financial data. The Gramm-Leach-Bliley Act makes the entire board of directors responsible for the security of data.
And the HIPPA caused information prudency for the health industry. You need to protect the data, otherwise the officers of the company, such as the CEO, could be jailed. Fines are often very high. A healthcare company recently had to pay a five million dollar penalty for a data breach. An organization can also suffer from adverse publicity, resulting in the loss of customers or business. Ashley Madison, a dating website, suffered huge embarrassment and negative PR when a 2015 data link revealed membership names from 33 million accounts.
It was fined 1.6 million dollars. Remember that the duty of care rests for the organization and not the hosting partner. A named individual needs to be responsible for the data security and accuracy. This may be a data controller or CEO. In some industries, the person responsible within an organization may be specified by law. To prove that you've considered your compliance duties effectively, you need to have evidence that you have evaluated your organization's compliance requirements and then determined how these will be maintained both in house and off site.
If you use a cloud provider, you will need to verify that they will meet all legal and regulatory requirements. And finally remember that you must do this since you are the data owner and you can't transfer the responsibility for data security to a third party, such as a cloud storage provider. In the next movie, we'll cover how to ensure that your data is secure when stored in the cloud.
LinkedIn Learning is an online learning platform that combines industry-leading content from Lynda.com with LinkedIn’s professional network of more than 500 million member profiles to provide highly personalized course recommendations and a more intuitive learning experience. Learn more.
Learn from recognized industry experts, and get the business, tech, and creative skills that are most in demand.
Receive personal recommendations based on your LinkedIn profile.
Stream courses from your computer or mobile device.
Take courses for every level – beginner to advanced.
Practice while you learn with quizzes, exercise files, and coding windows.
Provide learning for your team or entire organization, with an easy to use experience for managing users, curating content and measuring engagement
For businesses with 150+ licenses Request Office 365 onboarding assistance from FastTrack
You can request remote and personalized assistance with onboarding. Our FastTrack engineers will help you plan your Office 365 project, assess your technical environment, provide remediation guidance, and provide user adoption assistance. For businesses with at least 500 licenses, Microsoft also provides personalized assistance to migrate data to Office 365.
See the FastTrack Center Video: http://aka.ms/meetfasttrack
Get started today: http://fasttrack.microsoft.com
Tip: Businesses with 1-149 licenses still have access to FastTrack guidance via links in the Admin Center and also available at https://aka.ms/setupguidance.
Gain a new or enhanced understanding of cloud principles, service offerings, delivery mechanisms, and security requirements. This course focuses on the objectives for the first two domains of the Microsoft Cloud Fundamentals exam (98-369: Understand the Cloud and Enable Microsoft Cloud Services). IT professionals and those interested in pursuing certification can use this course as an exam preparation resource.
Cloud principles and security mechanisms
Cloud security requirements and policies
Cloud updates and availability
Types of cloud services
Signing up for cloud services
Configuring cloud services
Configuring Microsoft Intune