HEALTHCARE & HITECH
Entities regulated by HIPAA (Health Insurance Portability and Accountability Act) and recent updates in HITECH (Health Information Technology for Economic and Clinical Health Act) are subject to extensive data security requirements, and some states impose further security requirements.
The European General Data Protection Regulation went into effect in May 2018, and organizations globally face dramatic increases in requirements to protect private information, along with severe penalties for breaches. Although it was created by the EU, the GDPR has international reach, covering the personal information of European citizens – wherever it is distributed globally.
PCI SECURITY COUNCIL
The Payment Card Industry Security Council Data Security Guidelines (DSS) provide specific recommendations on the use of encryption to protect credit and financial account information.
US STATE PRIVACY LAWS
To date, 47 U.S. states have enacted data privacy laws, often modeled after California’s SB 1386. Most of these laws are designed to protect against misuse or disclosure of personally identifiable information.