Security Compliance Drivers

The following are key compliance drivers for the IT security market:

  • Health Insurance Portability and Accountability Act (HIPAA) – Signed into law in 1996. Requirements designed to protect the privacy of patient information. Focus is on protecting sensitive data and securing electronic transmissions of healthcare records.
  • Payment Card Industry Data Security Standard (PCI-DSS) – Joint effort between American Express, Discover, MasterCard and Visa to provide a universal security standard for processors of credit card transactions. PCI-DSS requires encryption and other data-security measures to protect credit card information and ensure privacy.
  • Sarbanes-Oxley (SARBOX) – Requires risk assessment and the deployment of comprehensive security measures to protect sensitive data.
  • Patriot Act – Requires financial institutions to verify customer identities and maintain information records on new accounts. Financial institutions are required to hold larger amounts of sensitive information that need to be protected.
  • California Law SB 1386 – Companies must notify the public whenever there is a breach of personal information by an unauthorized party. This raises the potential for embarrassment for companies that suffer breaches.
  • Gramm-Leach-Bliley (GLB) – Requires financial institutions to establish administrative, technical and physical safeguards to ensure the confidentiality of customer records. GLB also prohibits reuse or disclosure of information without express written consent from customers.
  • Government Information Security Reform Act (GISRA) – Federal agencies are encouraged to conform to best practices in developing a formal security policy.
  • Computer Security Enhancement Act of 2001 – NIST focus on improving computer security.
  • Basel II – Accord applying to international banking. Creates an international standard for creating regulations for banks. Primarily deals with capital requirements but has security components.
  • European Data Protection Directive – Addresses identity theft, online fraud, and privacy issues related to consumers, employees and citizens, and harmonizes privacy laws among the EU members.
  • FISMA – Federal Information Security Management Act. Panned by most critics as being too high on process and too low on results, but has provided impetus for federal security leadership to act.