Information doesn’t always want to be free: An overview of regulations affecting information security

Information professionals are increasing called upon to provide access and services for information that, by its nature, must be restricted to certain uses or classes of individuals. This paper aims to explore the six major compliance regulations in the USA that information professionals should have a basic understanding of to manage a restricted information environment effectively.

This paper is a general review of laws and requirements in the USA related to information security that may affect information professionals in their work.

The world of information security is complex and there are multiple laws, guidelines and standards that apply. For information professionals managing or deploying digital repositories or information archives, all of these need to be considered because plans and systems are being developed. Information professionals will increasingly be called upon to lend their expertise to emerging preservation problems related to restricted data, so understanding the basics of information security law is a requirement to successful information practice.

This is the first general overview of this area of information practice.