Compliance Scorecard: Municipal Compliance

Homeland Security Presidential Directive 8: National Preparedness
http://www.dhs.gov/xabout/laws/gc_1215444247124.shtm
This new directive requires the creation of a national preparedness goal and a national preparedness system. While it “is intended to galvanize action by the Federal Government, it is also aimed at facilitating an integrated, all-of-Nation, capabilities-based approach to preparedness.” The language of the directive indicates that local governments will be consulted on the creation of the preparedness goal and they will be impacted by the development of the preparedness system. Be watching legislative updates in the coming months to determine what the impact will be for your city.

Payment Card Industry (PCI) Data Security Standards
https://www.pcisecuritystandards.org/security_standards/documents.php?document=pci_dss_v2-0#pci_dss_v2-0
The PCI DSS are intended to facilitate the broad adoption of consistent payment account data security measures. Cities and municipalities that accept credit card payments for fees, fines, taxes or other transactions must abide by the DSS. They include requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. Requirements include separation of duties, auditing of access to records, unique identities, conducting vulnerability scanning of Internet-facing systems, and identifying where all credit card data is located inside electronic systems.

Destruction of Personal Records Rules
At least 29 U.S. states have rules regarding the safe disposal of records (digital and otherwise) containing personal information. Some of these state laws apply to businesses specifically, but several of them directly state that they govern local government agencies as well as private agencies. To see if your state is one of the 29 and to find a link to the legislation, visit http://www.ncsl.org/default.aspx?tabid=21075.

Ethics: Conflict of Interest http://www.ncsl.org/?tabid=19024
All 50 states have some rule on their books defining and prohibiting conflict of interest for state officeholders and/or employees. In some states, the rules are relatively open-ended and apply only to legislators. In others, the laws apply to all municipal employees, including part-time employees and unpaid employees. Violations may include taking monetary gifts, corrupting witnesses, “self dealing,” using a position to gain privilege and showing favor.

New Synthetic Drugs http://www.ncsl.org/?TabId=21398
New drugs provide the same “highs” as various banned substances, often with more dangerous mental and health repercussions than their counterparts. Synthetic cannabinoids—often sold as “spice” or “K2”—mimic marijuana, and substituted cathinones, which are also called “bath salts,” behave much like ecstasy and methamphetamine. In many states these drugs are sold legally in head shops. According to the National Conference of State Legislatures, at least 20 states have taken action to ban chemical substances related to synthetic cannabinoids, and nine states have banned chemical substances related to substituted cathinones. The list of states with pending legislation on both types of drug is a long one as well.

Labor Disputes and Demonstrations
Certain activities that may occur during demonstrations, picketing situations or labor disruptions are deemed illegal under various state statutes, and each state deals with such activities differently. City and municipal security professionals should know how their state defines and regulates activities ranging from assault, sabotage and terrorist threats to disorderly conduct and civil disorder. They can search state public records to find this information. The Security Executive Council has also compiled statutes for 30 states in individual, state-specific guidebooks:
https://www.securityexecutivecouncil.com/common/streamfile.html?PROD=171&cti=24806.

The Security Executive Council (www.securityexecutivecouncil.com/?sc=std) is an innovative problem-solving research and services organization. The Council is building the fastest-growing repository of proven resources to help you manage risk. Visit our resource page on security regulation and compliance issues:
https://www.securityexecutivecouncil.com/knowledge/index.html?mlc=511.