
Security Practice Foundations Series: Compliance

Posted by Divya Prabakaran on Mar 13, 2019 12:36:43 PM

With security threats becoming more advanced, security and information management must be a top priority. Education and awareness are essential. Whether it's best practices, security trends, or developing a foundational knowledge of security technologies, being informed is paramount. Tech Data's Security Practice Foundations blog series can help you build a strong foundation of security knowledge.

What is Compliance?

Today, there are a number of regulations that people need to be aware of and pay close attention to. They can involve anything, ranging from hiring procedures and workplace environments to health information and school records. Knowing what must be done to stay compliant is critical to any project and should be adhered to from the beginning. It’s easier to design with compliance in mind rather than to make changes and accommodate the requirements later on.

By now, most people know about the General Data Protection Regulation (GDPR). It's widely considered to be the most important change in data privacy regulation in 20 years. It affects all companies operating in the European Union (EU), regardless of where they're actually based. Though that's the most talked about regulation at the moment, there are many more that are worth paying attention to. Here's a quick look at a few of them:

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a federal law that covers an individual's medical information and how that information must be stored and transmitted. It requires that appropriate administrative, technical and physical safeguards be maintained to protect Protected Health Information (PHI), including designating a privacy officer who makes sure that HIPAA rules are followed and that anyone who may come into contact with PHI is trained on how to handle it. As with GDPR, a complaint process must be established for individuals with concerns about their PHI. It makes organizations in the healthcare industry responsible for maintaining the confidentiality of patient records.

Family Educational Rights and Privacy Act (FERPA)

Similar to HIPAA, FERPA is a federal law that protects the privacy of student education records. The rights belong to the parents until the student turns 18 and transfer to the student after that. Schools have the right to disclose directory information about every student without their permission, but they must tell parents and students what information is included and allow them the option to opt out. Schools must also notify them annually about their rights under FERPA.

Sarbanes-Oxley Act (SOX)

This legislation is important when it comes to publicly traded companies. SOX was passed following a number of corporate scandals and requires publicly traded companies to make major changes to bring themselves into compliance. It holds top executives personally responsible for the accuracy of the company's financial data.

Payment Card Industry Data Security Standard (PCI DSS)

PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment, regardless of how they accept payments or their size. It's administered and managed by the Payment Card Industry Security Standards Council (PCI SSC), an independent body that was created by the major credit card companies.

On the Horizon

Technology is constantly changing and privacy laws need to adjust as new innovations become available. Following GDPR, states in the US are taking measures to protect people’s online privacy. Just this year, California passed a digital privacy law that gives consumers more control over the spread of their personal information online. Other states are expected to follow or amend current data privacy legislation.

Staying on top of compliance is a must, but you don't have to do it alone. Tech Data Security specialists can help you identify what your business's needs are through consultations and assessments. If you are interested in discussing what options are available, contact them at SecurityServices@techdata.com.

Missed any of our previous blog posts in the series? If so, we've provided links to each: Identity and Access Management, Security Intelligence, Network and Perimeter Security, Data and Application Security, and Endpoint Security.

Sources:

https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html

https://www.pcicomplianceguide.org/faq/

https://www.pcisecuritystandards.org/

https://www.nytimes.com/2018/06/28/technology/california-online-privacy-law.html


About the Author

Divya Prabakaran is a student at the University of South Florida pursuing a bachelor's degree in Cybersecurity. She has interned for the Data Analytics and Security organizations at Tech Data. When she's not writing security blogs or doing schoolwork, she can be found in her kitchen baking and taste-testing her new recipes.

Tags: Cybersecurity, Compliance, HIPAA, sox, GDPR, PCI DSS, FERPA, privacy, protection
