Information Security Compliance Overview

Which Regulations Affect Me?

There are many rules and regulations that, if not adhered to, can have an adverse impact on your business. The intent of these regulations is to improve information security and privacy, which is, of course, a good thing. The downside is that failing to comply can result in fines, loss of the ability to process payments, and in some cases (HIPAA and SOX both carry criminal provisions) even jail time. Large companies have a compliance officer or privacy officer to guide them through the compliance and privacy maze. Smaller organizations must work out which regulations apply to them, document that decision, and make sure they implement the controls necessary to be compliant.

The Compliance Regulations that may Impact Your Business

Health Insurance Portability and Accountability Act (HIPAA)

What it Regulates: The primary objective is to protect the privacy and security of individual patients' health information, known as protected health information (PHI). The "portability" part of the act protects health insurance coverage for people who are changing or have lost their jobs. HIPAA's Administrative Simplification provisions also standardize electronic healthcare transactions, and the HIPAA Privacy Rule and Security Rule set out the administrative, physical and technical safeguards (access control, audit logging, encryption, risk analysis) that must protect PHI wherever it is stored or transmitted electronically.

Type of Businesses Affected: "Covered entities" (healthcare providers, health plans and healthcare clearinghouses) and their "business associates": any company that handles PHI on behalf of a covered entity, such as an IT provider, cloud host, billing service or consultant. Business associates are directly liable under the HIPAA Security Rule and must sign a Business Associate Agreement (BAA) with the covered entity.

The Sarbanes-Oxley Act (SOX)

What it Regulates: SOX is also known as the Public Company Accounting Reform and Investor Protection Act or the Corporate and Auditing Accountability, Responsibility, and Transparency Act. SOX regulations are designed to make sure that financial information is presented accurately. The regulations outline an accounting framework that produces financial reports verifiable through source data. All data must be kept in its original form and any revisions must be documented. For IT and security teams the key requirement is Section 404, which requires management (and the external auditor) to assess internal controls over financial reporting; in practice this means the IT general controls around the systems that produce financial data, such as user access provisioning and review, change management, backups and audit logging, are tested every year.

Type of Businesses Affected: Public companies in the United States, foreign companies that are registered with the SEC or listed on a United States exchange, and private companies that are working towards a public offering (which are not yet legally bound but will need to demonstrate the controls at the time of the offering).

Family Educational Rights and Privacy Act (FERPA)

What it Regulates: This act is designed to protect students' educational records and to prevent the disclosure of personally identifiable information (PII) from a student's education record without the consent of a parent or eligible student (a student who is 18 or attending a post-secondary institution). It also grants parents and eligible students the right to review records maintained by the school and to request that information they believe to be inaccurate or misleading be corrected.

Type of Businesses Affected: Any educational institution or agency that receives funds for programs administered by the U.S. Department of Education (USDE): public schools and school districts, public and private post-secondary institutions, non-school entities that receive USDE funding even if they have no students, and any other programs receiving USDE funds. Vendors that process education records on a school's behalf (learning platforms, hosted student information systems) take on the school's FERPA obligations for that data.

Payment Card Industry Data Security Standard (PCI-DSS)

What it Regulates: Security of cardholder data (the primary account number and, where applicable, the cardholder name, expiration date and service code) and of the systems that store, process or transmit it. Note that PCI DSS is not a government regulation: it is a contractual standard maintained by the PCI Security Standards Council and enforced by the card brands and acquiring banks, which can levy fines or revoke a merchant's ability to accept cards. The standard requires controls such as network segmentation of the cardholder data environment, encryption of card data in transit and at rest, vulnerability management, access control and logging, and it prohibits storing sensitive authentication data (full magnetic stripe, CVV/CVC, PIN) after authorization.

Type of Businesses Affected: Any merchant that accepts or processes payment cards, and any service provider that stores, processes or transmits cardholder data on a merchant's behalf or could affect its security (hosting providers, payment gateways, managed service providers). The level of validation required (self-assessment questionnaire versus an on-site assessment by a Qualified Security Assessor) depends on annual transaction volume.

Gramm-Leach-Bliley Act (GLBA)

What it Regulates: How consumers' non-public personal financial information is shared and safeguarded. The Privacy Rule governs what institutions must disclose to customers about their information-sharing practices, and the FTC Safeguards Rule requires a written information security program with a designated coordinator, a risk assessment, and technical controls such as access control, encryption, multi-factor authentication, monitoring and oversight of service providers.

Type of Businesses Affected: "Financial institutions" in the act's broad sense: companies that offer financial products or services to consumers, including lenders, mortgage brokers, financial and investment advisers, insurers, tax preparers and debt collectors, whether or not they are banks.

We Can Help. To Find Out How Call (631) 756–0404