
Compliance Facts — What every business should know

It's no wonder in today's insecure climate that new privacy legislation is being introduced at an unprecedented rate. While this provides a great benefit for those individuals whom the laws protect, it has also placed a huge burden on IT departments across America.

Is your business affected by the seemingly endless proliferation of privacy laws? Many businesses have already paid severe penalties for not complying. These include criminal prosecution, fines, and up to 5 years in prison. Will your business be next? Read the facts and be prepared.

New York implements its own data security law.

Governor George Pataki signed the Information Security Breach and Notification Act (A04254) into law on August 10th, 2005. New York joins a growing number of states which legislate the protection of consumers' personal data.

Learn how your business must comply with A04254

Washington's SB-6043 mirrors California's SB-1386

On July 23rd, 2005, the Substitute Senate Bill (known as SB-6043) became law in the state of Washington. Drawing heavily from California's SB-1386, the law regulates disclosure standards concerning data security breaches involving unencrypted personal information.

Learn how businesses can comply with SB-6043

Gramm-Leach-Bliley Act: Government tough on financial institutions on protecting privacy

In November 1999, the Gramm-Leach-Bliley Act (GLBA) was passed to mandate that all companies protect the security and confidentiality of their customers' private information. For financial institutions and other businesses, this means identifying security risks and implementing solutions to guarantee that all of their customers' data remains safe and secure.

Learn how businesses can comply with GLBA

California's SB-1386 law requires disclosure of compromised data

A privacy law in California, called SB 1386, requires all businesses in the state that own or license computerized data with personal information to disclose to residents any breach of the security of the data if unencrypted personal information is reasonably believed to have been acquired by an unauthorized person.

Learn how California businesses comply with SB-1386

But as California businesses scramble to comply, nationwide legislation could be on the way. In June 2003, Senator Dianne Feinstein introduced the Notification of Risk to Personal Data Act, a bill modeled on California's SB-1386 security law.

Read more about Dianne Feinstein's bill

HIPAA takes effect April 21st

As of April 21st, 2005, nearly all healthcare institutions will need to be in compliance with the security requirements of the Health Insurance Portability and Accountability Act (HIPAA). Enacted to address the growing privacy and security concerns of electronically processed medical transactions (http://www.hhs.gov/ocr/hipaa/), it is just one example of the growing impact that the federal government will have in the coming years with regard to data security. In an ever-expanding data-driven world, many technology managers and auditors are realizing that encryption can be key in ensuring the integrity of data.

Learn how healthcare organizations comply with HIPAA

Sarbanes-Oxley Act designed to prevent accounting misrepresentation

Drafted in response to the corporate scandals at Enron and Global Crossing in 2001, Sarbanes-Oxley was enacted in August of 2002. The law requires that all public companies audit their own financial reporting through an accounting oversight board, and was designed to help prevent accounting abuses and misrepresentation to company shareholders and interested parties.

Large corporate-wide scandals such as the ones that occurred at Enron and Global Crossing in 2001 emphasize how ethics in business is not only prudent, but necessary for survival. In general, corporate crimes such as insider trading and embezzlement can oftentimes be traced to loose security. An example might be an unethical employee gaining access to unauthorized data, possibly through poorly secured servers using a compromised password.

Sarbanes-Oxley impact on corporate responsibility and IT security

SafeGuard and Utimaco are trademarks of Utimaco Safeware AG. All other marks are the property of their respective owners.
Copyright © Utimaco Safeware Inc. All rights reserved.