Security Compliance
State, Federal and International laws are in place today requiring
businesses to document the steps they are taking to ensure best-practice
security measures. Without documented efforts, businesses become
liable for damages in the event of a security breach.
NCX Group provides affordable security compliance tools to satisfy
the requirements of most security and privacy regulations. Some
specific laws that affect a large number of businesses are shown
below.
California SB 1386
mandates public disclosure of computer-security breaches in
which confidential information of ANY California resident MAY
have been compromised. The law covers every enterprise,
public or private, doing business with California residents.
After July 1, 2003, those who fail to disclose that a security
breach has occurred could be liable for civil damages or face
class actions.
The Gramm-Leach-Bliley Act, signed into
law on Nov. 12, 1999, requires financial institutions
to Assess Risk, Manage and Control Risk, Oversee Service
Providers, and Adjust security programs as needed based on changing
risk. One specific provision requires the business to "Identify
reasonably foreseeable internal and external threats that could
result in unauthorized disclosure, misuse, alteration, or destruction
of customer information or customer information systems."
The Health Insurance Portability and Accountability
Act (HIPAA) Privacy Rule became effective April 14, 2003,
with healthcare organizations required to comply by April
2005. The HIPAA Privacy Rule is federal law that carries penalties
of up to $250,000 in fines and jail time of up to 10 years.
The rule applies to "electronic protected health information"
-- essentially, patients' medical records and other personal
health care information. It affects every company that
transmits protected health information in electronic form, which
includes health plans, health care clearinghouses and health
care providers. Full compliance requires these entities
to understand the threats and liabilities to this protected
data and to implement a wide variety of safeguards and
security best practices.
The Payment Card Industry (PCI) Data Security
Standard is a unified set of twelve specific data protection
policies adopted by the big credit card companies to combat
transaction fraud and theft of cardholder data. The deadline for
compliance validation by merchants and service providers was June 30, 2005.
The Sarbanes-Oxley Act
was enacted on July 30, 2002 and imposes new mandates on publicly
held companies and their executives, directors, auditors and
attorneys. This Act requires higher standards and accountability
of internal accounting controls and raises the level of personal
risk to those executives signing annual corporate reports.
Most publicly held companies were required to comply by June 15,
2004, but smaller companies and foreign-owned companies will
have to comply for fiscal years ending on or after April 15,
2005.
Canada's
Personal Information Protection and Electronic Documents Act,
which took effect on January 1, 2004, provides broad privacy
protections for Canadian citizens. All companies that
collect, use or disclose personal information about Canadian
citizens during the course of commercial activities will have
to comply with this law. The law is already in effect
for banks, airlines, transportation companies and telecommunications
firms. Among other provisions, it requires covered businesses
to implement security measures to protect personal data.

Prepare yourself
TODAY by implementing robust security practices with NCX Group.