While today there’s a wide distance between GDPR, CCPA, HITRUST, FedRAMP and SOC2, I generally expect the gaps between these various frameworks to narrow significantly over time around the premise of all customer data being treated as sacred. Consequently, I expect the necessary controls to implement these frameworks to converge, such that the burden to an organization to comply across multiple compliance regimes will shrink. However, this convergence will occur in a haphazard series of jerky, unpredictable steps as various countries, states and regulators push towards stricter controls
A brief rant on converging compliance regimes.
from lethain.com