Businesses today are faced with the almost insurmountable task of complying with a confusing array of laws and regulations relating to data privacy and security. These can come from a variety of sources: local, state, national, and, even, international law makers. This is not just a problem for big businesses. Even a small business with a localised geographic presence may be subject to laws from other states and, possibly, other nations by virtue of having a presence on the internet.
In many instances, these laws and regulations are vague and ambiguous, with little specific guidance as to compliance. Worse yet, the laws of different jurisdictions may be, and frequently are, conflicting. One state or country may require security measures that are entirely different from those of another state or country. Reconciling all of these legal obligations can be, at best, a full time job and, at worst, the subject of fines, penalties, and lawsuits.