Many industries are governed by legal or regulatory requirements such as HIPAA for healthcare, FERPA for education, Sarbanes-Oxley for corporations, PCI-DSS for credit card payments, or GLBA for banking.
What legal or regulatory requirement(s) must your business adhere to?
What are the implications of failing to comply with the required regulations?
What policies or procedures does your work have in place to ensure compliance?