|
 |
Regulatory legislation is here to stay because the majority of data gathered and compiled by organizations is now in electronic format. While is has made storage and transmission of this information more efficient, it has also provided more opportunities for data to be lost, stolen or corrupted. In order to protect sensitive customer and patient data and safeguard intellectual property, the US Congress has passed a number of laws governing how this data is to be secured. These laws are applicable to almost every industry including financial institutions, medical organizations, government entities and businesses of all kinds. In addition to protecting data, these organizations must be able to document that they are in compliance.
The responsibility for insuring compliance usually falls on IT professionals who must prove that their systems and networks are secure and that client/patient data, financial statements, intellectual property and other sensitive records can be secured and transmitted in pristine condition and protected from internet and email-borne threats such as viruses and worms.
Some regulations provide detailed requirements for the written security and privacy policies an organization must provide, while other regulations are less specific, requiring only that safeguards be "appropriate" depending on the size of the organization and the type of activity it conducts.
No matter what regulations govern your organization's activities, the ability to protect your sensitive and proprietary records is paramount to your fiscal health. Lack of compliance carries serious consequences including substantial fines and litigation that can directly affect your bottom line. Our SCM solutions including iPrism Web Security and EdgeWave Email Security not only secure your network against threats to your data from malware, spyware, botnets, P2P and IM, they provide comprehensive drill-down and real time monitoring and reporting that can help you document your compliance and consistently stay within the boundaries of the legislation affecting your organization. The EdgeWave Secure Email Archive, with unlimited storage capacity, preserves your organization’s email in an unalterable state and indexes them for quick retrieval. And your emails are retained for as long as you subscribe to the service.
The following is a table that contains a list of key regulations, the industries they affect and their general policy requirements:
| Regulation |
|
Industry |
|
Requirements |
|
| HIPAA (Health Insurance Portability and Accountability Act of 1996) |
|
Healthcare |
|
- Requires protection of confidentiality and assures the integrity and availability of all electronic protected health information (EPHI) that is created, received, maintained or transmitted
- Eligible entities must protect against any reasonably anticipated threats or hazards to the security or integrity of such information
- Requires protection against any reasonably anticipated uses or disclosures of such information that are not permitted or required by the Privacy Rule; and
- Organizations must ensure compliance by their workforces
|
|
| CIPA (Child Internet Protection Act) |
|
Schools and Libraries |
|
Schools and libraries subject to CIPA are required to adopt and implement a policy addressing minor Internet use as well as the technology required to enforce the policy. The policy and technology should address:
- Access by minors to inappropriate matter on the Internet;
- The safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications;
- Unauthorized access, including so-called "hacking," and other unlawful activities by minors online;
- Unauthorized disclosure, use, and dissemination of personal information regarding minors; and
- Restricting minors' access to materials harmful to them.
Failure to comply can disqualify schools and libraries from getting valuable e-Rate funds to purchase technology |
|
| Sarbanes-Oxley Act (SOX) |
|
All Publicly Traded Companies |
|
- Requires executives and auditors to confirm the effectiveness of internal controls for financial reporting.
- Ensures control of unauthorized access to data or data deletion
- Requires robust access controls, interoperable with enterprise authentication, access and auditing
|
|
| Gramm-Leach-Bliley Act (GLBA) |
|
Financial Services |
|
- Institutions governed by GLBA must assure the security and confidentiality of customer records and information
- They must protect against any anticipated threats or hazards to the security or integrity of such records
- They must protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.
|
|
| The Prioritizing Resources & Organization for Intellectual Property Act |
|
All US Companies |
|
- In general, gives law enforcement more latitude in enforcing intellectual property (IP) laws
- Protects IP including pharmaceuticals and manufactured goods, and artistic works such as MP3 and video files or other content transmitted electronically as well as on hard media
- Organizations that are lax in securing their networks from illegal downloads face stiff penalties including criminal charges and having their computer equipment confiscated
|
|
|
|
|
