Cloud Compliance

Industry Regulations and the Protection of Sensitive Data

Companies in highly regulated industries, such as financial services and healthcare, must comply with numerous regulations, including PCI DSS, SOX, GLBA, HIPAA and HITECH, and many others. These regulations offer specific guidance on handling personal information and cloud compliance for sensitive data, and companies are bound to ensure that their information security policies and IT systems comply with the guidelines.  Perspecsys’ solution can help organizations meet their regulatory standards while benefiting from the use of cloud applications.

Examples of industry regulations that encompass information related to cloud compliance standards include:

PCI DSS (Payment Card Industry Data Security Standard)

PCI Data Security Standards (PCI DSS) are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The Council is responsible for managing the security standards, while the payment card brands enforce compliance in the cloud. The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.

ITAR (International Traffic in Arms Regulations)

Sector-specific data protection and security requirements exist in many countries. For example, in Defense and Manufacturing, many organizations need to comply with regulations known as ITAR (International Traffic in Arms Regulations). ITAR regulate the import and export of defense-related products, services, and technologies that are included on the United States Munitions List (USML).

HIPAA & HITECH (Health Insurance Portability and Accountability Act & Health Information Technology for Economic and Clinical Health Act)

The federal Health Insurance Portability and Accountability Act (HIPAA) requires healthcare organizations to maintain the confidentiality of electronic health information that can be linked to an individual patient (electronic Protected Health Information, or ePHI). Penalties and criminal enforcement of the HIPAA Security Rules were made stronger via several provisions in the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009. The HIPAA Security Rules require healthcare organizations to adopt the appropriate safeguards to protect the confidentiality, integrity and availability of patients’ protected health information.

FERPA (Family Educational Rights and Privacy Act)

In the U.S., requirements for personal information protection extend to the education field and student personal information. The Family Educational Rights & Privacy Act of 1974 (FERPA) is a federal law that gives students access to their education records, the ability to seek to have the records amended, and control over the release of the information to third parties. With some exceptions, schools must have a student’s consent prior to disclosure of personal data including grades, enrollment status, and billing information. The law applies to educational agencies and institutions that receive funding from the U.S. Department of Education.

Copyright © 2013 PerspecSys Inc.