Introduction
In the modern information age, there are numerous laws which affect the collection and storage of digital data. These laws define the methods of collection, the manner of storage, and a host of other requirements that companies must follow. Often, the regulations and laws are industry specific.
The primary purpose of these laws is to create a baseline of rules for companies that collect data on consumers. They outline security protocols that must be followed to keep data safe. For example, a customer’s username and password must be encrypted.
Common Governing Laws and Regulations
- GLBA (Gramm-Leach-Bliley Act) – Financial data.
- CFPB (Consumer Financial Protection Bureau) – Financial data.
- HIPAA (Health Insurance Portability and Accountability Act) – Hospitals & doctor offices.
- GDPR (General Data Protection Regulation) – European consumer standards.
- PCI DSS (Payment Card Industry Data Security Standard) – Financial data.
- ISO 27001 – Information security management systems.
- FIPS (Federal Information Processing Standard) – Guidelines for cryptography.
- FERPA (Family Educational Rights and Privacy Act) – Protection of education records.
- NIST 800-63 – Technical regulations for digital identities in federal systems.
- NIST 800-61 – Incident handling guide.
- NIST 800-53 – Security and privacy controls for information systems.