Recent requirements place a stronger business focus on the acquisition and implementation of security controls. Consumers are expressing growing concern over the security of their personal information, and companies that increase security through compliance activities can sometimes gain a competitive edge. The privacy aspects of compliance call for proper and effective security controls. Privacy clarifies what needs to be protected, and a supporting risk assessment helps determine the appropriate level of security controls. This is particularly critical as the security perimeter now extends to mobile laptops and PDAs. With many data breaches caused by ignorance or a lack of policy, compliance can be used to increase awareness of and attention to data protection requirements and practices.