Information doesn’t always want to be free. An overview of regulations affecting information security

Pages: 68-72
DOI: https://doi.org/10.1108/DLP-02-2016-0009
Published date: 09 May 2016
Author: H. Frank Cervone
Subject Matter: Library & information science, Librarianship/library management, Library technology, Records management & preservation, Information repositories
H. Frank Cervone
University of Illinois at Chicago, Chicago, Illinois, USA
Abstract
Purpose – Information professionals are increasingly called upon to provide access and services for
information that, by its nature, must be restricted to certain uses or classes of individuals. This paper
aims to explore the six major compliance regulations in the USA that information professionals should
have a basic understanding of to manage a restricted information environment effectively.
Design/methodology/approach – This paper is a general review of laws and requirements in the
USA related to information security that may affect information professionals in their work.
Findings – The world of information security is complex and there are multiple laws, guidelines and
standards that apply. For information professionals managing or deploying digital repositories or
information archives, all of these need to be considered because plans and systems are being developed.
Information professionals will increasingly be called upon to lend their expertise to emerging
preservation problems related to restricted data, so understanding the basics of information security
law is a requirement for successful information practice.
Originality/value – This is the first general overview of this area of information practice.
Keywords Information security, FERPA, FISMA, HIPAA,
Laws related to information security in the USA, Secure repositories
Paper type General review
Although informatics and data science generally tend to focus on providing access to
information, there is another side to providing information that is increasingly coming
into play for many information professionals. Especially in the commercial sector, in
specialized agencies and in educational institutions, certain types of information are
required to be protected and only made available to those with appropriate access rights.
Unlike traditional debates that focus on intellectual freedom or a philosophical approach
to providing open access to research, there are several classes of information where
access must be restricted and this is governed by law.
As information professionals, it is important for us to have a basic understanding of
the major issues that govern these protected types of data. Whether providing access to
information or curating the information that is under our care, ensuring that we adhere
to the rules that govern information dissemination requirements is an important, but
often misunderstood, aspect of our work.
In the USA, there are six major information compliance regulations, two of which are
more commonly known in the information professional community (HIPAA and FERPA)
and four regulations that are less well known (Sarbox, FISMA, GLBA and PCI-DSS).
The current issue and full text archive of this journal is available on Emerald Insight at:
www.emeraldinsight.com/2059-5816.htm
Received 9 February 2016
Accepted 9 February 2016
Digital Library Perspectives
Vol. 32 No. 2, 2016
pp. 68-72
© Emerald Group Publishing Limited
2059-5816
