The regulations and standards come from many sources, such as national and local governments. Examples include the Sarbanes-Oxley Act (SOX) and the California Law on Notice of Security Breach, formerly known as SB-1386. They also come from industry-specific oversight groups, such as the Payment Card Industry Data Security Standard (PCI DSS).
Not surprisingly, many companies find it difficult to understand how to respond appropriately to these regulatory requirements, and then maintain their regulatory compliance through cost-effective processes and procedures.
http://www.it-observer.com/articles/1161/regulatory_compliance_planning_guide/