As organizations feel the pressure from an increasing number of regulations, best practices and standards for information security, the need to automate as much of the compliance monitoring and reporting process as possible becomes acute. In order to comply with the constant flow of current and new regulations, organizations must address the following four emerging trends:
- Strengthened Enforcement - Regulators are now strengthening regulatory enforcement through expanded powers, higher penalties and harsh enforcement actions. The FTC investigation into Twitter’s lax security practices and protection of user accounts after two high-profile hacking incidents in 2009 resulted in Twitter being subjected to independent audits for the next 10 years and FTC oversight for 20 years, bringing public embarrassment and costly compliance. The FTC’s concern was the ability of hackers to breach Twitter’s password system and gain access to user accounts.
- Global Spread of Data Breach Notification Laws - Data breach disclosure is becoming a global principle as jurisdictions worldwide adopt privacy and data protection laws that include a general obligation to notify government agencies, individuals and/or other authorities such as law enforcement of unauthorized access or use of personal data.
- More Prescriptive Regulations - Increasingly, legislation is becoming more prescriptive. New state privacy laws from Massachusetts and Nevada, which became effective in 2010, do not just apply to companies based in these states but extend to all organizations that handle personal information regarding their residents.
- Growing Requirements - Many existing regulations and standards call for organizations to assure that any third party that handles protected data employs adequate security measures.
Detailed Descriptions
Regulatory compliance
» COCO
» FISMA
» GLBA
» HIPAA / HITECH Act
» MA 201
» NERC CIP
» PCI DSS
» SOX
Best Practices
» COBIT
» DIACAP
» ISO 27001
» NIST 800-53
Prescriptive Security Standards

