- Page 1: Data Security Compliance
- Page 2: EU Data Security Compliance
- Page 3: Japan Data Security Compliance
- Page 4: Korea Data Security Compliance
- Page 5: Australia Data Security Compliance
- Page 6: U.S. Data Security Compliance
Data Security Compliance
There is no single, comprehensive federal (national) law regulating the collection and use of personal data. Instead, the US has a patchwork system of federal and state laws and regulations that tend to be adopted on an ad-hoc basis, with legislation arising when certain sectors and circumstances require. Some important ones include:
The Gramm-Leach-Bliley Act (GLB)
- Protect consumer financial privacy by limiting when a financial institution can disclose a consumer’s non-public personal information to non-affiliated third parties.
- Federal and state agencies with jurisdiction under GLB over financial institutions must implement regulations requiring the financial institutions to establish safeguards under their security program, including safeguards that protect against unauthorized access to, or use of, these records or information, which would result in substantial harm or inconvenience to any customer.
- Common standards that have been suggested to restrict unauthorized access include the use of data encryption.
The Health Insurance Portability and Accountability Act (HIPAA)
- Applies broadly to health care providers, data processors, pharmacies and other entities that come into contact with medical information.
- Applies to the collection and use of protected health information.
- Provides standards for protecting medical data.
- In order to strengthen the enforcement of HIPAA, the Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted.
The Payment Card Industry Data Security Standard (PCI-DSS)
- A proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.
- The PCI standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.
- The standard was created to increase controls around cardholder data to reduce credit card fraud.
Continue: EU Data Security Compliance
Related Posts