Skip to main content
Workforce LibreTexts

6.8: Legal and Compliance Requirements

  1. Last updated
  2. Save as PDF
  • Page ID
    30799

    • \( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \)

    \( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)

    \( \newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\)

    ( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\)

    \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\)

    \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\)

    \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\)

    \( \newcommand{\Span}{\mathrm{span}}\)

    \( \newcommand{\id}{\mathrm{id}}\)

    \( \newcommand{\Span}{\mathrm{span}}\)

    \( \newcommand{\kernel}{\mathrm{null}\,}\)

    \( \newcommand{\range}{\mathrm{range}\,}\)

    \( \newcommand{\RealPart}{\mathrm{Re}}\)

    \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\)

    \( \newcommand{\Argument}{\mathrm{Arg}}\)

    \( \newcommand{\norm}[1]{\| #1 \|}\)

    \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\)

    \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\AA}{\unicode[.8,0]{x212B}}\)

    \( \newcommand{\vectorA}[1]{\vec{#1}}      % arrow\)

    \( \newcommand{\vectorAt}[1]{\vec{\text{#1}}}      % arrow\)

    \( \newcommand{\vectorB}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \)

    \( \newcommand{\vectorC}[1]{\textbf{#1}} \)

    \( \newcommand{\vectorD}[1]{\overrightarrow{#1}} \)

    \( \newcommand{\vectorDt}[1]{\overrightarrow{\text{#1}}} \)

    \( \newcommand{\vectE}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash{\mathbf {#1}}}} \)

    \( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \)

    \( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)

    The increase in consumers' concerns over their privacy has led to new legal and compliance regulations.  

    Here is a brief overview of some key legal and compliance regulations related to information security that are relevant to businesses:

    • PCI DSS (Payment Card Industry Data Security Standard) - Sets security requirements for any organization that processes, stores or transmits credit card data. Ensures secure handling of payment information.
    • HIPAA (Health Insurance Portability and Accountability Act) - Requires protection and limited disclosure of patient health data by healthcare providers, insurance companies, and related businesses.
    • GDPR (General Data Protection Regulation) - European Union data privacy regulations that govern how personal data is collected, stored and shared. Impacts any company dealing with EU citizens' data.
    • CCPA (California Consumer Privacy Act) - Gives California residents rights over the personal information that businesses collect about them. Affects any company with CA customers.
    • FERPA (Family Educational Rights and Privacy Act) - Governs access to student educational records; applicable to any educational institution receiving US federal funding.
    • NIST Framework - Cybersecurity guidance for US federal agencies and contractors working with the government. Widely adopted as best practices.

    Adhering to these regulations is mandatory, not optional, for any business that falls under their jurisdiction.

    Fun Facts:  What was the impact of GDPR to Google and US businesses?

    The EU's General Data Protection Regulation (GDPR) came into effect in 2018 and imposed strict new requirements around data privacy and security. As one of the first major cases enforcing GDPR, Google was fined €50 million euros (~$57 million USD) that same year by French regulators for lacking transparency and consent controls for ads personalization.

    GDPR has compelled many US companies to overhaul their data collection practices and security measures if they have any customers in the EU. Violations can lead to fines up to 4% of global revenue. Even for small to mid-sized US companies, GDPR prompted significant investment in consent management, data minimization, breach notification procedures, and other areas to avoid facing similar non-compliance penalties.

    Do you remember that in that time frame, when we visited websites and received new prompts such as "by clicking Agree', you consent to us...", or "manage your preferences," etc.  

     

    It was not cheap to implement GDPR either.  It could cost small businesses with less than 500 employees, around $9000.00 to meet compliance.  It could be up to millions for large global companies!

    This page titled 6.8: Legal and Compliance Requirements is shared under a CC BY license and was authored, remixed, and/or curated by Ly-Huong T. Pham and Tejal Desai-Naik (Evergreen Valley College) .

    1. Back to top
    • Was this article helpful?

    Recommended articles

    1. Article type
      Section or Page
      Author
      Ly-Huong T. Pham and Tejal Desai-Naik
      License
      CC BY
    2. Tags
      1. CCPA
      2. FERBA
      3. GDPR
      4. HIPAA
      5. NIST
      6. PCI DSS