| Security Initiative | Overview | EU | NA | AP | RW |
|---|---|---|---|---|---|
| 21 CFR Part 11 | FDA-regulated companies | | ✓ | | |
| Arkansas SB 1167 + 32 other state notification laws | Arkansas residents to be notified immediately if their personally identifiable information has been subject to unauthorized access | | ✓ | | |
| BBB Online (privacy standards) | Better business practices for websites | ✓ | ✓ | ✓ | ✓ |
| BS7799 / ISO 17799 | Information on how to build, operate, maintain and improve an Information Security Management System | ✓ | ✓ | ✓ | ✓ |
| California SB 1386 | California residents to be notified immediately if their personally identifiable information has been subject to unauthorized access | | ✓ | | |
| Children's Online Privacy Protection Act (COPPA) | Privacy protections for information about children | | ✓ | | |
| COBiT | Generally applicable and accepted standard for good (IT) security | ✓ | ✓ | | |
| Data Protection Act 1998 (UK) | Protection of sensitive personal data for UK residents | ✓ | | | |
| E-Signatures Act | Use of electronic records and signatures in interstate and foreign commerce, ensuring the validity and legal effect of contracts entered into electronically | ✓ | ✓ | ✓ | ✓ |
| European Union (EU) Data Privacy Directive | Rules that address the handling of all types of personal data | ✓ | | | |
| Family Educational Rights and Privacy Act (FERPA) | | | ✓ | | |
| Federal Energy Regulatory Commission (FERC) | Regulations for energy companies | | ✓ | | |
| Federal Information Security Management Act (FISMA) | Framework for enhancing the effectiveness of information security in the federal government | | ✓ | | |
| Freedom of Information Act (FOIA) Exemption | Trade secrets, commercial information | | ✓ | | |
| Gramm-Leach-Bliley Act (GLBA) | Preservation of confidentiality of personal financial data | ✓ | ✓ | | |
| Health Insurance Portability & Accountability Act (HIPAA) | Healthcare providers to preserve confidentiality of medical records | | ✓ | | |
| Interactive Advertising Bureau | Online marketing standards | | | | |
| (ISBA) Standards | | | | | |
| Sarbanes-Oxley Act (SOX) | Availability, internal controls | | ✓ | | |
| Statement of Auditing Standards (SAS) No. 70 | Pertaining to service organizations | | ✓ | | |
| TRUSTe Privacy Standards | Open disclosure of usage of information collected by websites | ✓ | ✓ | ✓ | ✓ |
| US National Do Not Call (DNC) Registry | Telemarketing regulation | | ✓ | | |
| USA Patriot Act | | | ✓ | | |
| WebTrust | e-Commerce standards comprised of prevailing best practices and requirements from around the world | ✓ | ✓ | ✓ | ✓ |
| XML Standards | Information storage and exchange | ✓ | ✓ | ✓ | ✓ |

*This guide is not intended to be used as legal advice, but as an informational tool.