Privacy and Compliance laws related to Cybersecurity

We can help your organization be compliant with cybersecurity regulations and legislation
Do you know which regulations apply to you?

Organizations need to address information security compliance from top to bottom. Regulations exist that can help an organization improve its information security, while non-compliance can result in severe fines. It can be difficult for an organization to determine which laws apply, because different sets of laws apply to different organizations depending on their industry, their location and the kinds of data they hold. Within the United States, 47 states have laws requiring organizations to notify individuals affected by a security breach, and a handful of states further require organizations to implement reasonable security measures to protect certain types of data.
We can help you stay compliant with security laws, regulations and guidelines. We will identify the gaps between your current controls and the requirements that apply to you, provide a detailed project plan to close them, and help you execute it. Here are a few laws and regulations that may apply to your organization:
US based applicable laws, regulations & standards:
  • Sarbanes-Oxley Act (SOX)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Gramm-Leach-Bliley Act (GLB)
  • Electronic Fund Transfer Act, Regulation E (EFTA)
  • Customs-Trade Partnership Against Terrorism (C-TPAT)
  • Free and Secure Trade Program (FAST)
  • Children’s Online Privacy Protection Act (COPPA)
  • Fair and Accurate Credit Transaction Act (FACTA)
  • Cybersecurity Disclosure Act of 2017 (S. 536)
  • Executive Order (EO) 13636 “Improving Critical Infrastructure Cybersecurity”
  • FFIEC Cybersecurity Assessment
Industry-specific guidelines and requirements
  • Federal Information Security Management Act (FISMA)
  • North American Electric Reliability Corp. (NERC) standards
  • Title 21 of the Code of Federal Regulations (21 CFR Part 11), Electronic Records
  • The Energy Policy Act of 2005 (Energy Policy Act) – NERC
  • Health Insurance Portability and Accountability Act (HIPAA)
  • The Health Information Technology for Economic and Clinical Health Act (HITECH)
  • Patient Safety and Quality Improvement Act (PSQIA, Patient Safety Rule)
  • H.R. 2868: The Chemical Facility Anti-Terrorism Standards Regulation
Key state laws
  • Massachusetts 201 CMR 17 (aka Mass Data Protection Law)
  • Nevada Personal Information Data Privacy Encryption Law NRS 603A
  • New York State Department of Financial Services (DFS) 23 NYCRR 500
  • There are hundreds of privacy laws among the 50 states. (California alone has more than 25 state privacy and data security laws)
International laws
  • Personal Information Protection and Electronic Documents Act (PIPED Act, or PIPEDA) — Canada
  • Law on the Protection of Personal Data Held by Private Parties — Mexico
  • European Union Data Protection Directive (Directive 95/46/EC, superseded by the GDPR in May 2018)
  • EU-U.S. Safe Harbor Framework (invalidated by the Court of Justice of the EU in 2015 and replaced by the EU-U.S. Privacy Shield)
  • The Cybersecurity Law of the People’s Republic of China
  • General Data Protection Regulation (GDPR) – applies if you process the personal data of individuals in the EU, including when you offer them goods or services or monitor their behavior.