Over the past several years the Congress has passed a number of statutes aimed at protecting the privacy of the consumer. The regulations emanating from these statutes are now coming effective. This means businesses will have to be spending considerable money and time for compliance.

Are the benefits worth the costs? Who knows? What can be done however is to implement them in a common sense fashiong.

In one area, health care, an observer states"

"HIPAA's privacy regulations create a sweeping framework for information security. For at least the next several years, as pieces of HIPAA roll out, health-care providers and their business partners will need to continually test systems, train workers, and maintain business processes to ensure compliance. This focus on continual development presents a model for how any business facing privacy regulations should function. Companies and organizations shouldn't expect vendors to develop compliance-in-a-box, since much of the work involves changing business processes and people's behavior. But adopting such a focused, ongoing approach just might make all businesses--and their customers--more secure."

Read a checklist in today's Information Week (http://www.informationweek.com/story/showArticle.jhtml;jsessionid=X0J22E42K44OWQSNDBCCK HSCJUMEYJVN?articleID=12800269&pgno=2)