
Just a Few Laws Protecting Businesses

February 8, 2012

Depending on the organization’s business, there may be several laws that govern the protection of information:

  • California Database Breach Notification Act (SB1386)
  • Computer Security Act of 1987
  • Computer Fraud and Abuse Act of 1986
  • European Union Data Privacy Directive

ASCA – Administrative Simplification Compliance Act

  • Addresses Transactions and Code Sets
  • Allows a covered entity, other than small health plans, to apply for a 12-month extension
  • Testing is required by April 15, 2003

Privacy Modification NPRM

  • Simplifies implementation requirements for the Privacy regulation, but doesn’t change the date
  • Adoption or modification expected in August
  • Does not affect our product positioning, but could affect policies

 

The Risk Mitigation

Information Risk Analysis

  • Identify what your business data is worth to you

Security Policy

  • Clearly document your security objectives

Accountability

  • Have senior people responsible for information security

Investment

  • Make cost-effective resource commitments to information security 

These are just a few. What others should be considered?