Organizations doing business outside the United States have a duty to follow information security and privacy policies enacted by the host countries in which these organizations are doing business. An example of common laws specific to individual nations are laws pertaining to privacy and to the use of encryption.
You are charged with recommending strategies for risk mitigation for a U.S. publisher who has chosen to do business in Great Britain, France, Germany, Japan, and Pakistan.
Use the study materials and engage in any additional research needed to fill in knowledge gaps. Then discuss the following:
- Describe the steps necessary to determine what specific information security and privacy rules might impact the organization doing business in these countries.
- Identify the process that will identify how well the organization is in compliance with privacy and information security laws specific to the countries in which this organization plans to do business.
- Explain strategies for how this organization can remain in compliance with any changes or any new laws that might be enacted in the future by the countries in which this organization plans to do business.