Articles: Blogs

Information Security Law Guide Launched: The First to Provide a Completely Global Perspective on IT Compliance

Press Releases - 26th September 2008

Ely, England, September 26, 2008 — IT Governance is delighted to announce the publication of a landmark best practice information security compliance guide by a leading expert in the developing field of information law and electronic business. Thomas J. Smedinghoff’s ‘Information Security Law: The Emerging Standard for Corporate Compliance’ is the first book to identify the ‘amazing consistency in approach’ among the laws that govern corporate information security obligations. It provides an overview of those laws and identifies the emerging worldwide standard for corporate compliance.

Smedinghoff – a US-based information security lawyer with a reputation second to none in this field – has crafted ‘Information Security Law: The Emerging Standard for Corporate Compliance’ to summarise the global legal framework for information security, and to describe the emergence of ISO/IEC 27001, the international best practice standard for information security management. This book will help senior security managers, compliance specialists and legal professionals understand the overall framework of legal security requirements; evaluate how local security laws fit into that framework; and determine the steps an organisation should take to comply with multiple laws in many jurisdictions.

Information security law is an increasingly important compliance and boardroom topic, driven by three factors: data protection and privacy concerns are causing a proliferation of legislation and regulation; computer- and cybercrime are intensifying the need for organisations to take appropriate steps to protect themselves and their valuable information assets; and financial regulators are ever more interested in the robustness of corporate financial records. Once the present turbulence in financial markets has passed, regulators will be scrutinising closely the stability and reliability of corporate financial records.

Information security is a topic with global significance, as virtually all a company’s daily transactions, and all of its key records, depend on an interconnected information infrastructure and are subject to possible scrutiny by one or more national lawmakers. As a consequence, this is an area of the law undergoing rapid change and development.

Written for specialist and general readers alike, Smedinghoff’s work offers a concise and accessible perspective on the security laws and regulations that most concern today’s IT managers, lawyers and compliance professionals.

“This is a real first,” says Alan Calder, Chief Executive of publishers IT Governance. “It is the first concrete attempt to summarise the global legal framework for information security. Given the interconnectedness of global markets, this is naturally where compliance professionals and lawyers need to be focusing their efforts.”

Calder continued, “It is very clear that the law is this area is in a state of rapid flux. People need to read Smedinghoff to get to grips with what’s currently going on and to build their own compliance strategies. For lawyers, the book is a powerful aid for tackling current and upcoming legal cases. Thomas Smedinghoff is an acknowledged expert in this area, which is why his advice is invaluable.”

Information Security Law: The Emerging Standard for Corporate Compliance is priced at £39.95/$71.95/€49.22 and is available in soft cover (978-1-905356-66-9). To purchase a copy, visit


Thomas J. Smedinghoff, is an attorney and partner in a Privacy, Data Security, and Information Law Practice in Chicago and has been actively involved in developing e-business and information security legal policy, both in the US and internationally. He currently serves as a member of the US Delegation to the United Nations Commission on International Trade Law (UNCITRAL) and, in addition, chairs the International Policy Coordinating Committee of the American Bar Association (ABA) (Section of Science & Technology Law).