Laws and Regulations Flashcards
Federal Information Security Management Act (FISMA)
Applies to all US federal government agencies, all state agencies that administer federal programs (such as Medicare), and all private companies that support, sell to, or receive grant money from the federal government. FISMA requires that an organization implement information security controls that use a risk-based approach—one that handles security by enumerating and compensating for specific risks.
Health Insurance Portability and Accountability Act (HIPAA)
Protects the rights and data of patients in the US healthcare system. Title II of HIPAA lays out requirements for safeguarding protected health information (PHI) and electronic protected health information (e-PHI).
The Sarbanes–Oxley Act
Regulates financial data, operations, and assets for publicly held companies. SOX places specific requirements on an organization’s electronic recordkeeping, including the integrity of records, retention periods for certain kinds of information, and methods of storing electronic communications.
Gramm–Leach–Bliley Act
Aims to protect information (such as personally identifiable information (PII)) and financial data belonging to customers of financial institutions. The covered institutions include “banks, savings and loans, credit unions, insurance companies and securities firms … some retailers and automobile dealers that collect and share personal information about consumers to whom they extend or arrange credit,” as well as businesses that use financial data to collect debts from customers.
Family Educational Rights and Privacy Act
Applies to students at all levels; when a student turns 18, the rights to these educational records shift from the parents to the student.