The following are key compliance drivers for the IT security market:
- Health Insurance Portability and Accountability Act (HIPAA) – Signed into law in 1996. Requirements designed to protect the privacy of patient information. Focus is on protecting sensitive data and securing electronic transmissions of healthcare records.
- Payment Card Industry Data Security Standard (PCI-DSS) – Joint effort between American Express, Discover, MasterCard and Visa to provide a universal security standard for processors of credit card transactions. PCI-DSS imposes encryption and other data-security requirements to protect credit card information and ensure privacy.
- Sarbanes-Oxley (SARBOX) – Requires risk assessment and the deployment of comprehensive security measures to protect sensitive data.
- Patriot Act – Requires financial institutions to verify customer identities and maintain information records on new accounts. Financial institutions are required to hold larger amounts of sensitive information that need to be protected.
- California Law SB 1386 – Companies must notify the public whenever there is a breach of personal information by an unauthorized party. This raises the potential for embarrassment for companies that have breaches.
- Gramm-Leach-Bliley (GLB) – Requires financial institutions to establish administrative, technical and physical safeguards to ensure the confidentiality of customer records. GLB also prohibits reuse or disclosure of information without express written consent from customers.
- Government Information Security Reform Act (GISRA) – Federal agencies are encouraged to conform to best practices in developing a formal security policy.
- Computer Security Enhancement Act of 2001 – Directs NIST to focus on improving computer security.
- Basel II – Accord applying to international banking. Creates an international standard for regulating banks. Primarily deals with capital requirements but has security components.
- European Data Protection Directive – Addresses identity theft, online fraud, and privacy issues related to consumers, employees and citizens, and harmonizes privacy laws among the EU members.
- FISMA – Federal Information Security Management Act. Panned by most critics as being too heavy on process and too light on results, but it has provided impetus for federal security leadership to act.