Most laws define security obligations as reasonable, appropriate, suitable, necessary, adequate etc. without giving more precise directives to follow. Is it good or bad? And what should be known about these standards?
Data Protection Directive, Gramm-Leach-Bliley Act, HIPAA, Security Standards