IT Examiner School eBook
Internal Use Only
Examples of Data Privacy Related Laws/Standards

LAW: FERPA (Family Educational Rights and Privacy Act)
YEAR: 1974
OVERVIEW: Protection of student records
WHO IT IMPACTS: Any post-secondary educational institution

LAW: HIPAA (Health Insurance Portability and Accountability Act)
YEAR: 1996
OVERVIEW: Protects the privacy of patient records
WHO IT IMPACTS: Any company or agency that deals with health care

LAW: GLBA (Gramm-Leach-Bliley Act)
YEAR: 1999
OVERVIEW: Mandates that companies secure the private information of clients and customers
WHO IT IMPACTS: Financial institutions (FIs) that offer financial products (insurance, loans, investments)

LAW: SOX (Sarbanes-Oxley Act)
YEAR: 2002
OVERVIEW: Maintain and protect financial records for seven (7) years
WHO IT IMPACTS: US public companies, accounting and management firms

LAW: FISMA (Federal Information Security Management Act)
YEAR: 2002
OVERVIEW: Recognizes information security as a national security matter
WHO IT IMPACTS: Federal agencies dealing with information related to national security

LAW: PCI-DSS (Payment Card Industry Data Security Standard)
YEAR: 2004
OVERVIEW: Consumer credit card
WHO IT IMPACTS: Companies involved in the handling of credit card information
Information Security Related Laws Impacting FIs

LAW: Bank Service Company Act, 12 USC 1867(c)
OVERVIEW: Subjects bank service companies to examination and regulation by federal regulators and requires notice to be provided within 30 days of entering into a service contract

LAW: Bank Protection Act, 12 USC 1882, "Security Measures for Banks and Savings Associations"
OVERVIEW: Requires the installation, maintenance, and operation of security devices and procedures to discourage robberies, burglaries, and larcenies and to assist in the identification and apprehension of persons who commit such acts

LAW: Fair and Accurate Credit Reporting Act (FCRA), 15 USC 1681w
OVERVIEW: Requires each FI to develop, implement, and maintain, as part of its existing information security program, appropriate measures to properly dispose of consumer information derived from consumer reports, to address risks associated with identity theft

LAW: Gramm-Leach-Bliley Act (GLBA), 15 USC 6801
OVERVIEW: Requires each agency or authority to establish appropriate standards for the FIs subject to its jurisdiction relating to administrative, technical, and physical safeguards
Source: https://ithandbook.ffiec.gov/laws-regulations-guidance/information-security/#Laws
Complete list of FFIEC-maintained laws, regulations, and guidance: https://ithandbook.ffiec.gov/laws-regulations-guidance/