When it comes to storing, processing, and transmitting consumer data, there are several data compliance standards. Here, we’ll tell you what you need to know about the most important of these standards, including what they are and who needs to pay attention to them. Let’s take a look.
PCI: The Payment Card Industry Data Security Standard, often abbreviated as PCI, is a set of rules and regulations developed to ensure that companies that store, process, or transmit credit card information do so in an environment that is safe and secure in order to protect consumer data. PCI standards are managed by the PCI SSC, an independent body created by the main payment card brands, including MasterCard, American Express, Visa, Discover, and JCB. PCI standards are important for every business that processes, stores, or transmits credit card information, regardless of the size or type of business. Businesses found to be in violation of PCI standards may be subjected to fines.
SOX: The Sarbanes–Oxley Act of 2002, often abbreviated as SOX, was passed by the U.S. Congress in order to safeguard shareholders and the public from accounting mistakes and deceitful practices in enterprises and to improve the accuracy of corporate disclosures. The act is administered by the U.S. Securities and Exchange Commission (SEC). The act was largely a response to a number of high-profile financial scandals in the early 2000s that had a detrimental impact on investor confidence. While the act does target the financial side of things, it also has IT ramifications, specifying which kinds of records a business needs to store and for how long. It specifically mandates that all electronic messages and records must be stored for a minimum of five years. It also sets out guidelines for storage to ensure that electronic records and messages are stored in a secure manner. All U.S. companies must comply with SOX. Failure to do so could result in hefty fines or even imprisonment.
HIPPA: Relevant to all healthcare providers, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 secures the data and protects the privacy of U.S. patients. It established national standards for electronic healthcare, governing how sensitive patient information should be stored and processed.
GLBA: The Gramm-Leach-Bliley Act, or GLBA, of 1999 governs the way that financial institutions handle the private data of consumers. It essentially prevents any one entity from acting as any combination of a commercial bank, an investment bank, and an insurance company. An entity can only act as one of these three things. The act also has implications for consumer rights, mandating that all financial institutions must provide customers with a comprehensive privacy notice detailing what information they are collecting, how this information is being shared, and what steps the institution takes to safeguard the information. All financial institutions must comply with the GLBA.
The bottom line is that it is crucial to have a clear understanding of what data compliance standards apply to your organization and what you need to do to adhere to them. Otherwise, you could be facing serious fines or even jail time. Remember, compliance is key!