Crystal IT
Service Disabled Veteran Owned Business

 
Learn more about data security and compliance -
Data Security Compliance
Compliance Legislation

HIPAA

In 1996, the US Department of Health and Human Services was required to establish and implement national standards pertaining to the secure handling of electronic health care information. The final rule adopting HIPAA standards for security was published in the Federal Register on February 20, 2003. This rule includes administrative, technical and physical security procedures that apply to all covered entities, so that confidential health information is kept secure.


For more information on HIPAA, please visit: http://www.hhs.gov/ocr/hipaa/

Sarbanes-Oxley

The Sarbanes-Oxley Act of 2002 was signed into law on July 30, 2002, and is one of the most significant changes ever legislated to federal securities law. It was motivated by the corporate financial scandals (Enron, WorldCom, etc.) and includes the following provisions:
- Accelerated reporting of trades by insiders
- Public reporting of CEO and CFO compensation and profits
- Auditor independence and a prohibition on audit firms offering value-added (read "conflict of interest") services


For more on the Sarbanes-Oxley Act, please visit: http://soxlaw.com/

Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act regulates the sharing of personal information about individuals who obtain financial products or services from financial institutions. It attempts to inform individuals about the privacy policies and practices of financial institutions, so that consumers can use that information to choose the financial institutions with which they wish to do business. The law gives consumers limited control - via opt-out - over how financial institutions use and share the consumers' personal information.


For more information on the Gramm-Leach-Bliley Act, please visit: http://banking.senate.gov/conf/

PCI Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) was developed by major credit card companies like MasterCard and Visa to increase consumer confidence in using credit cards for electronic payment. The standard applies to all merchants, financial institutions, service providers, and others that use, store, process, or transmit payment cardholder data. It ensures that these organizations take due care and diligence to prevent credit card fraud, identity theft, and hacking, and addresses many other security issues as well. The standard has 12 requirements designed to ensure the confidentiality and integrity of customer information.


For more information, please visit: https://www.pcisecuritystandards.org/

PIPEDA

PIPEDA stands for the Personal Information Protection and Electronic Documents Act. It is a Canadian law relating to data privacy. It governs how private-sector organizations collect, use, and disclose personal information in the course of commercial business.


For more on PIPEDA, please visit: http://www.privcom.gc.ca/legislation/02_06_01_e.asp

California Senate Bill 1386

In the United States, the California Security Breach Information Act (SB-1386) is a California state law requiring organizations that maintain personal information about individuals to inform those individuals if the security of their information is compromised. The Act stipulates that if there's a security breach of a database containing personal data, the responsible organization must notify each individual for whom it maintained information. The Act, which went into effect July 1, 2003, was created to help stem the increasing incidence of identity theft.


For more on this Bill, please visit: http://www.bitpipe.com/tlist/California-Senate-Bill-1386.html

Safe Harbor Act

The United States Department of Commerce enacted this legislation, which aims to harmonize data privacy practices in trade between the United States of America and the European Union, whose Directive 95/46/EC on the protection of personal data imposes stricter privacy controls.


For further information, please visit: http://www.export.gov/safeHarbor/

UK Data Protection Act

The Data Protection Act gives you the right to know what information is held about you, and sets forth rules to make sure that this information is handled properly.


To see more on this Act, please visit: http://www.ico.gov.uk/what_we_cover/data_protection.aspx
