For the past two years, Barclays PLC has been developing and deploying a companywide data security and privacy framework that complies with both U.S. and European regulations. It hasn’t been easy, according to Julian Parkin, a privacy program director who heads the effort.

In the U.S., Barclays must deal with a patchwork of disparate and overlapping state and federal regulations, as well as privacy rules laid out by individual corporate partners and consortia.

The European Union, on the other hand, has come up with the Data Protection Directive, a set of privacy principles that all members support and (to some extent) enforce in their regulations. Unlike U.S. regulations like the Health Insurance Portability and Accountability (HIPAA) or Sarbanes-Oxley acts, however, the directive provides few specifics as to how these privacy requirements should be met. As a result, different countries interpret them quite differently, and companies may have to implement several different versions of the same directive requirement, says Rosa Barcelo, a legal advisor at the European Data Protection Supervisor organization in Brussels, Belgium.

Sponsored by: Imperva, Inc., LogLogic, Inc. and Sophos Inc.