Privacy and Compliance laws related to Cybersecurity

We can help your organization comply with cybersecurity regulations and legislation.
Do you know which regulations relate to you?

Organizations need to address information security compliance from top to bottom. Regulations are in place that can help an organization improve its information security, and non-compliance can result in severe fines. It can be difficult for an organization to work out which laws apply to it, because different sets of laws apply to different organizations depending on their industry, location, and the data they handle. Within the United States, 47 states have laws requiring organizations to notify individuals affected by a security breach. A handful of states go further and require organizations to implement reasonable security measures to protect certain types of data.


We can help you stay compliant with security laws, regulations and guidelines. We will identify the gaps between your current controls and the requirements that apply to you, provide a detailed project plan to close them, and help execute it. Here are a few laws and regulations that may apply to your organization:


US-based applicable laws, regulations & standards:

  • Sarbanes-Oxley Act (SOX)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Gramm-Leach-Bliley Act (GLBA)
  • Electronic Fund Transfer Act, Regulation E (EFTA)
  • Customs-Trade Partnership Against Terrorism (C-TPAT)
  • Free and Secure Trade Program (FAST)
  • Children’s Online Privacy Protection Act (COPPA)
  • Fair and Accurate Credit Transaction Act (FACTA)
  • Cybersecurity Disclosure Act of 2017 (S. 536)
  • Executive Order (EO) 13636 “Improving Critical Infrastructure Cybersecurity”
  • FFIEC Cybersecurity Assessment


Industry-specific guidelines and requirements

  • Federal Information Security Management Act (FISMA)
  • North American Electric Reliability Corp. (NERC) standards
  • Title 21 of the Code of Federal Regulations (21 CFR Part 11), Electronic Records
  • Health Insurance Portability and Accountability Act (HIPAA)
  • The Health Information Technology for Economic and Clinical Health Act (HITECH)
  • Patient Safety and Quality Improvement Act (PSQIA, Patient Safety Rule)
  • H.R. 2868: The Chemical Facility Anti-Terrorism Standards Regulation


Key state laws


International laws

  • Personal Information Protection and Electronic Documents Act (PIPEDA) — Canada
  • Law on the Protection of Personal Data Held by Private Parties — Mexico
  • European Union Data Protection Directive (since replaced by the GDPR); EU-US Safe Harbor framework (invalidated by the Court of Justice of the EU in 2015)
  • The Cybersecurity Law of the People’s Republic of China
  • General Data Protection Regulation (GDPR), which applies if you process the personal data of EU residents, regardless of where your organization is located.

Contact us

Please give us a call at 1-214-631-9353 or complete the form below: