IT Examiner School eBook

Internal Use Only

Examples of Data Privacy Related Laws/Standards

LAW: FERPA (Family Educational Rights and Privacy Act)
YEAR: 1974
OVERVIEW: Protects the privacy of student education records and gives students (or the parents of minor students) the right to inspect and correct them.
WHO IT IMPACTS: Any educational institution or agency that receives funding from the US Department of Education, including all post-secondary institutions.

LAW: HIPAA (Health Insurance Portability and Accountability Act)
YEAR: 1996
OVERVIEW: Protects the privacy and security of patient records and other individually identifiable health information (protected health information, PHI).
WHO IT IMPACTS: Covered entities that deal with health care (providers, health plans and clearinghouses) and the business associates that handle PHI on their behalf.

LAW: GLBA (Gramm-Leach-Bliley Act)
YEAR: 1999
OVERVIEW: Mandates that companies secure the nonpublic personal information of clients and customers and disclose their information-sharing practices.
WHO IT IMPACTS: Financial institutions (FIs) that offer financial products or services (insurance, loans, investments).

LAW: SOX (Sarbanes-Oxley Act)
YEAR: 2002
OVERVIEW: Requires companies to maintain and protect financial and audit records for seven (7) years, to maintain internal controls over financial reporting, and holds senior management personally responsible for the accuracy of financial reports.
WHO IT IMPACTS: US public companies, their management, and the public accounting firms that audit them.

LAW: FISMA (Federal Information Security Management Act)
YEAR: 2002
OVERVIEW: Recognizes information security as a matter of national and economic security and requires each agency to implement an agency-wide information security program.
WHO IT IMPACTS: All federal agencies, including those handling information related to national security, and the contractors or other organizations that operate systems on their behalf.

LAW: PCI-DSS (Payment Card Industry Data Security Standard)
YEAR: 2004
OVERVIEW: Protects consumer credit card (cardholder) data wherever it is stored, processed or transmitted. Note that PCI-DSS is an industry standard enforced contractually by the card brands, not a statute.
WHO IT IMPACTS: Any company involved in the handling of credit card information (merchants, payment processors, acquirers, issuers and their service providers).


Information Security Related Laws Impacting FIs

LAW: Bank Service Company Act, 12 USC 1867(c)
OVERVIEW: Subjects bank service companies to examination and regulation by the federal banking regulators and requires the FI to notify its regulator within 30 days of entering into a service contract.

LAW: Bank Protection Act, 12 USC 1882 "Security Measures for Banks and Savings Associations"
OVERVIEW: Requires installation, maintenance, and operation of security devices and procedures to discourage robberies, burglaries, and larcenies and to assist in the identification and apprehension of persons who commit such acts.

LAW: Fair Credit Reporting Act (FCRA), 15 USC 1681w "Disposal of Records" (added by the Fair and Accurate Credit Transactions Act of 2003)
OVERVIEW: Requires each FI to develop, implement, and maintain, as part of its existing information security program, appropriate measures to properly dispose of consumer information derived from consumer reports, to address the risks associated with identity theft.

LAW: Gramm-Leach-Bliley Act (GLBA), 15 USC 6801
OVERVIEW: Requires each agency or authority to establish appropriate standards for the FIs subject to its jurisdiction relating to administrative, technical, and physical safeguards for customer information. This is the statutory basis for the Interagency Guidelines Establishing Information Security Standards that examiners apply.

Source: https://ithandbook.ffiec.gov/laws-regulations-guidance/information-security/#Laws
Complete List of FFIEC Maintained Laws, Regulations, and Guidance: https://ithandbook.ffiec.gov/laws-regulations-guidance/
