ComplianceHome is devoted to helping organization’s adhere to relevant laws, regulations, guidelines and specifications. Violations of regulatory compliance regulations often result in legal punishment including federal fines.
- Health Insurance Portability and Accountability Act of 1996 (HIPAA): HIPAA is an American law that protects patient health information (PHI). HIPAA mandates standardization of electronic health records (EHR) systems and includes IT security measures designed to protect data privacy and patient confidentiality. There are very large fines for HIPAA breaches.
- General Data Protection Regulation (GDPR): GDPR is a European regulation that protects personal data. It applies to any organisation in any location that is holding personal data for individuals who are resident in the European Union.
- Sarbanes-Oxley Act (SOX) of 2002: SOX was enacted in response to financial scandals in publicly listed companies to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. Among other provisions, the law sets rules on storing and retaining business records in IT systems.
- Can Spam Act of 2003: The Can Spam Act requires organisations to label commercial emails as advertising, use legitimate return email addresses, provide recipients with opt-out options and process opt-out requests with 10 business days.
- Dodd-Frank Act: The Dodd-Frank Act reduces the US Government dependence on banks by subjecting them to regulations that enforce transparency and accountability.
- Payment Card Industry Data Security Standard (PCI DSS): PCI DSS is not a federal law. It is a set of policies and procedures created by leading American credit card vendors (Visa, MasterCard, Discover and American Express) to standardise the security of credit, debit and cash card transactions.
- Federal Information Security Management Act (FISMA): FISMA requires US federal agencies to conduct annual reviews of information security procedures with the objective reducing IT risks and specifically protecting data.