Data Privacy Laws – Compliance
Every business, healthcare organization and governmental agency has certain responsibilities regarding the privacy of their customers’ information and compliance with data privacy laws, but a shocking number are unaware of exactly what those responsibilities are, or of what the penalties and fines are for not being compliant. This is a growing concern for the government, and as a result, those who violate or ignore data privacy laws are finding themselves subject to increasing levels of investigation and enforcement, and to penalties that keep growing. HIPAA – GLBA – PCI DSS. It is important that businesses understand that the legislation that has been passed regarding compliance with data privacy is not a suggestion or an option: it is national law, and there is an obligation to learn the rules and follow them.
DATA PRIVACY LAWS AND GUIDELINES
The HIPAA Security Rule establishes national standards to protect individuals’ electronic protected health information (EPHI) that is maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of EPHI.
The intent of the Payment Card Industry Data Security Standard (PCI DSS) was to create an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process and transmit cardholder data.
NIST 800-88 provides guidance to assist organizations in making practical sanitization decisions based on the confidentiality of their information. Media sanitization refers to a process, such as hard drive shredding, that renders recovery of the data on digital media infeasible for a given level of effort.
The Gramm-Leach-Bliley Act (GLBA) requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to safeguard sensitive data all the way through secure data destruction.