Privacy & Security Regulations
- HIPAA: Health Insurance Portability and Accountability Act (April, 2003), impacts the health care industry. It requires the development of security standards to protect the confidentiality of “individually identifiable health information.”
- FACTA: Fair and Accurate Credit Transactions Act (June, 2005), impacts anyone who handles the storage and disposal of certain “consumer information.” It requires any business “that maintains or otherwise possesses consumer information, or any compilation of consumer information . . . [to] . . . properly dispose of such information or compilation.” The FTC has an online version of the rule.
- SOX: Sarbanes-Oxley Act (June, 2002), was enacted in response to the scandals at Enron and WorldCom. It mandates reforms to enhance corporate responsibility and accountability. As a result of SOX, public firms must typically document auditable processes for information and data security and for the transfer of corporate IT assets. In addition to the Securities and Exchange Commission website, there’s a useful SOX 101 guide.
- GLB: Gramm-Leach-Bliley Act (1999), is aimed at financial institutions (including banks, insurance and security firms, brokers, and tax preparers) to protect consumers’ personal financial information.






