Brief descriptions of common regulations affecting data security follow:
HIPAA (Health Insurance Portability and Accountability Act)
The Health Insurance Portability and Accountability Act, originated in 1996, is a federal law that includes provisions protecting medical records and other individually identifiable health information, whether it is on paper, in computers, or communicated orally.
FERPA (Family Educational Rights and Privacy Act)
The Family Educational Rights and Privacy Act, originated in 1974, is a federal law that protects the privacy of student education records. Students have specific, protected rights regarding the release of such records.
GLBA (Gramm-Leach-Bliley Act)
The Gramm-Leach-Bliley Act, originated in 1999, is a federal law related to financial services and includes provisions to protect consumers' personal financial information held by financial institutions.
PCI DSS (Payment Card Industry Data Security Standard)
The Payment Card Industry Data Security Standard applies to all entities that store, process, or transmit cardholder data. It is administered by the PCI Security Standards Council, founded jointly by the major credit card financial institutions in 2006. Its intent is to help reduce vulnerabilities and protect cardholder personal financial data from theft and misuse. The PCI Data Security Standard consists of 12 distinct standards of practice and technology developed to protect debit, credit, pre-paid, e-purse, ATM and POS cards and the businesses that handle them.
Privacy laws vary by state but generally protect the same core set of information about a person, referred to as Personally Identifiable Information or PII. These laws require that individuals be notified when their personal information has been compromised and that this notification be made in a timely manner.
Personally Identifiable Information (PII) is defined by Maine State Breach notification law as: