HIPAA Audit: OCR Is On The Move
While the financial services regulatory reform bill signed into law by President Obama last week will take some time to be put into practice, several industry experts have noted that this extensive legislation holds immense significance for information/ data security.
Creation of a new consumer protection agency at the Federal Reserve, provision of new powers to regulators for safely liquidating failed financial firms, and imposing new guidelines for transparency in the derivatives market, are some of the objectives of ‘The Dodd-Frank Wall Street Reform and Consumer Protection Act’. This law is an outcome of the 2008 banking crisis.
However, there are now mixed opinions about this law, especially with respect to its implication on data/ information security. Protiviti Inc.’s risk and compliance practice director Michael Brauneis noted that the provision in the law for creating a consumer protection agency may lead to a number of data security issues, since it calls for regulations to allow consumers to obtain information about their transactions from financial institutions. This causes a high risk of identity theft, if these financial institutions do not ensure effective controls to check the identity of the person requesting information.
Also, the concept of ‘systemic risk regulator’ meant to gather information from the banking industry to prevent another meltdown can pose serious concerns for overall data management and security. And a report by Delloite LLP on the new financial reform also cites data aggregation and reporting as one of the top implications of the new law.
Therefore, for all those involved in financial services, this regulatory reform is a groundbreaking event and is being described as the biggest since the Great Depression.
With the ever-increasing number of regulatory requirements, IT security has come a long way from being merely an IT-centric control mechanism, to becoming a complete compliance control technique. While the timeline for this law to take effect is long, this is yet another regulation that reinforces the need for secure GRC solutions.
Related posts
