Security Compliance Drivers

The following are key compliance drivers for the IT security market:

  • Health Insurance Portability and Accountability Act (HIPAA) – Signed into law in 1996.  Its Privacy Rule protects the privacy of patient information; its Security Rule requires administrative, physical and technical safeguards for electronic protected health information (ePHI), including securing the electronic transmission of healthcare records.
  • Payment Card Industry Data Security Standard (PCI-DSS) – Joint effort between American Express, Discover, JCB, MasterCard and Visa to provide a single security standard for merchants and processors that store, process or transmit cardholder data.  PCI-DSS requires that stored card data be protected (encryption, truncation or an equivalent control), that cardholder data sent over open public networks be encrypted, and that supporting controls such as network segmentation, access control, logging and regular security testing be in place.
  • Sarbanes-Oxley (SOX, also written SARBOX) – Passed in 2002 and applies to publicly traded companies.  Section 404 requires management to assess internal controls over financial reporting; because those controls depend on the IT systems that produce the financial data, auditors treat IT general controls (access control, change management, backup) as in scope, which in practice drives risk assessment and the deployment of security measures around sensitive financial data.
  • Patriot Act – Section 326 requires financial institutions to implement a Customer Identification Program: verify the identity of new account holders and retain the records used to do so.  Financial institutions therefore hold larger amounts of sensitive identity information that must be protected.
  • California Law SB 1386 – Effective 2003.  A company holding personal information about California residents must notify the affected individuals whenever unencrypted personal information is acquired by an unauthorized party.  Large notifications quickly become public, so the law raises the reputational cost of a breach; encrypted data is outside the notification requirement, which gives companies a direct incentive to encrypt.
  • Gramm-Leach-Bliley (GLB) – The Safeguards Rule requires financial institutions to establish administrative, technical and physical safeguards to ensure the confidentiality of customer records.  The Privacy Rule requires privacy notices, gives customers the right to opt out of having their nonpublic personal information shared with non-affiliated third parties, and limits reuse and redisclosure of that information by the third parties that receive it.
  • Government Information Security Reform Act (GISRA) – Passed in 2000.  Required federal agencies to establish agency-wide security programs based on a formal security policy, perform annual reviews and report the results to OMB.  Superseded by FISMA in 2002.
  • Computer Security Enhancement Act of 2001 – Directs NIST to focus on improving computer security.
  • Basel II – Accord from the Basel Committee on Banking Supervision applying to international banking.  Creates an international framework that national regulators turn into banking regulations.  Primarily deals with capital requirements, but its operational-risk component covers losses from failed internal processes and systems, which is where information security controls enter.
  • European Data Protection Directive (95/46/EC) – Regulates the processing of personal data about consumers, employees and citizens, addressing privacy and, indirectly, identity theft and online fraud, and harmonizes privacy laws among the EU member states.
  • FISMA – Federal Information Security Management Act of 2002.  Requires each federal agency to run an agency-wide information security program that follows NIST standards and guidance, with annual reporting to OMB and Congress.  Panned by most critics as heavy on process and light on results, but it has given federal security leadership the impetus to act.