Regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act impose significant security and administrative requirements on business. However, as a recent article (Data security measures failing to match legal expectations) in Computerworld points out, business will have to be proactive in attempting to implement processes to meet the new requirements, but remain in the dark with regard to their overall legal liability due to the lack of court decisions needed to establish what the “acceptable standards of due care” are with regard to data security and privacy.