- Federal HIPAA legislation imposes civil penalties of $100 per person per incident, up to $250,000, and 10 years of imprisonment for commercial or malicious misuse of personal medical data. Any possible risk involving company benefits records or other databases should be scrutinized.
- International cyber-crime convention, passed on Nov. 23, imposes international definitions of prohibited acts and creates obligations of mutual assistance. Administrative practices and network management tools should be validated for conformance.
- FBI statement of "fundamental needs," in preparation as of November, will focus on increased surveillance capabilities on packet-switched networks. Enterprise telecommunications plans must consider the nature and extent of likely monitoring activities.
- Anti-terrorism concerns are leading to withdrawal or restriction of public access to many databases. Data security, plus possible need to arrange for other data sources, should be high on enterprise agendas.