Information security and regulatory compatibility