Week 2 Lab Compliance Law | Purpose | Requirements | PCI | To enhance security of credit card data. The key pieces of data that can be stolen are: name, credit card number, expiration date, and security code. | 1. Install and maintain a firewall. 2. Do no use defaults. 3. Protect stored data. 4. Encrypt transmissions. 5. Use and update antivirus software. 6. Develop and maintain secure systems. 7. Restrict access to data. 8. Use unique logons for each user. 9. Restrict physical access. 10. Track and monitor all access to systems and data. 11. Regularly test security. 12. Maintain a security policy. | HIPAA | To ensure that health information data is protected. Health information is any data that is created or received by health care providers, health plans, public health authorities, employers, life insurers, schools or universities, and health care clearinghouses. It relates to any past, present, or future health, physical health, mental health, or condition of an individual, and past, present, and or future payments for health care. | Security standards: Specific standards are to be used for storage of data, use of data, and transmission of data.Privacy standards: Data must not be shared with anyone without the express consent of the patient.Penalties: Penalties include mistakes, knowingly obtaining or releasing data, obtaining or disclosing data under false pretenses, and obtaining or disclosing data for personal gain or malicious harm. | FERPA | To protect the privacy of student records. This includes education data and health data. FERPA applies to all schools that receive any funding from the U.S. Department of Education. | FERPA grants rights to parents of students under 18. All personally identifiable information (PII) about the student must be protected. Schools usually need permission to release PII. | SOX | To reduce fraud. SOX applies to any company that is publicly traded. It is designed to hold executives and board members personally responsible for financial data. | CEOs and CFOs must be able to verify accuracy of financial statements and prove that the statements are accurate. | GLBA | Also known as the Financial Services Modernization Act. It relates to how banking and insurance institutions can merge. | Financial Privacy Rule: Requires companies to notify customers about their privacy practices.Safeguards Rule: Companies must have a security plan to protect customer information. |