
Fast Guide to Regulatory Compliance

   

    General Information about Compliance and IT
    Can-Spam Act of 2003
    Do Not Call List
    Sarbanes-Oxley Act of 2002 (SOX)
    United States Health Insurance Portability and Accountability Act (HIPAA)
    Gramm-Leach-Bliley Act (GLBA)
    California Security Breach Information Act
    Electronic Communications Privacy Act (ECPA)
    Fair Credit Reporting Act (FCRA)
    The Children's Online Privacy Protection Act (COPPA)
    Enabling Compliance
    Glossary-to-Go: Compliance
    Quiz

 

General Information about Compliance and IT

Although everyone in IT seems to be talking about compliance, few are actually doing much about it. At least part of the problem is that there's a lot of confusion about what the regulations require and what's necessary to be in compliance with them. We've gathered information about some of the most relevant legislation and the current status of industry compliance as well as some expert advice on the fine points.

Compliance management: How to keep the IT auditors away

Software audit painful and costly for the noncompliant

Expert predictions: It's all about compliance, security and outsourcing in 2004

Q&A: How compliance will affect your business

SearchStorage.com crash course: Compliance

A holistic approach to compliance

Compliance: The bottom line for storage

New regulations spur IT spending, headaches

New threats, regulatory woes to cause '04 security headaches

Letter of the law -- more firms hawking compliance tools

Compliance fears exaggerated, report says


Can-Spam Act of 2003

The Can-Spam Act of 2003 is the commonly used name for the United States federal law more formally known as S. 877, the "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003." The law took effect on January 1, 2004. It allows courts to award damages of up to $2 million against spammers who violate it, and federal district courts may impose prison sentences and/or triple the damages if the violation is found to be willful. Read the complete definition for Can-Spam Act of 2003 at WhatIs.com.

The Federal Communications Commission, which issued the Act's rules for commercial messages sent to mobile devices, provides up-to-date information about the Can-Spam Act of 2003; the Federal Trade Commission is the Act's primary enforcer.

Related links:

Is the CAN-SPAM Act a help or a hindrance?

First Can-Spam suit filed.

Firms must follow spirit of anti-spam law

'Can-Spam' isn't canning spam

Face-off: The Can-Spam Act

Spam causing marketers migraines

National anti-spam law might benefit marketers


The "Do Not Call" List

The "Do Not Call" list is the National Do Not Call Registry, a registry of United States telephone numbers that telemarketers are prohibited from calling in most circumstances. The registry is maintained by the Federal Trade Commission (FTC), and consumers can contact the agency to have their numbers added. Organizations are prohibited from making calls to sell goods or services to any number on the list and are subject to substantial fines per violation if they fail to comply. Read the complete definition for the do not call list.

The Federal Trade Commission provides up-to-date information about the National Do Not Call Registry.

Related Links:

What, me worry? Some marketers in dark on regulations

Study: Execs not ready for 'do not call' revenue loss

'Do not call' list changes game for marketers

MCI signs on partners for 'do not call' compliance

Surviving marketing's dark days


Sarbanes-Oxley Act of 2002 (SOX)

The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is United States federal legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. The act is administered by the Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes rules on requirements. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records; rather, it defines which records are to be stored and for how long. For IT, the sections most often cited are 302 and 404 (management certification and assessment of internal controls over financial reporting) and 802 (retention of audit records and penalties for altering or destroying them). Read complete definition.

The US Securities and Exchange Commission provides up-to-date information about the Sarbanes-Oxley Act of 2002.

Related links:

FAQ: What is the impact of Sarbanes-Oxley on IT operations?

Seven steps to Sarbanes-Oxley compliance

Sarbanes-Oxley and your company

Learn SOX compliance from the DoD

Sarbanes-Oxley reading list

Sarbanes-Oxley compliance still a headache for some

Webcast: Make your storage Sarbanes-Oxley compliant

SEC pushes back Sarbanes-Oxley section deadline

Study: Sarbanes-Oxley 'catalyst' for process management

Tapping CRM for Sarbanes-Oxley compliance

Best Web Links for Sarbanes-Oxley

What are some steps to making my storage SOX compliant?

SEC gives nod to some disk-based archive


United States Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is the United States Health Insurance Portability and Accountability Act of 1996. HIPAA seeks to establish standardized mechanisms for electronic data interchange (EDI), security and confidentiality of healthcare-related data. The Act has several titles; the two most relevant here are Title I, which protects health insurance coverage for people who lose or change jobs, and Title II, whose Administrative Simplification provisions cover the standardization of healthcare-related information systems and are the source of the HIPAA Privacy Rule and Security Rule. Read complete definition.

The US Department of Health and Human Services provides up-to-date information about HIPAA.

Related links:

Is a lack of employee privacy a HIPAA violation?

HIPAA (The Health Insurance Portability and Accountability Act) Final Standards for Privacy of Individually Identifiable Health Information

Final HIPAA security rules offer broad guidance

Reading between the HIPAA guidelines

How to get management to accept HIPAA compliance

Protect privacy or jeopardize CRM.

Privacy, security and HIPAA

HIPAA taps IT spending

Commentary: HIPAA compliance doesn't come in a box

HIPAA prompts hospitals to reconsider storage

What's the prognosis on HIPAA?


The Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Services Modernization Act of 1999, is a federal law enacted in the United States to control the ways that financial institutions deal with the private information of individuals. Its Financial Privacy Rule governs the collection and disclosure of customers' personal financial information, and its Safeguards Rule requires financial institutions to maintain a written information security program to protect that information. Read complete definition.

The Federal Trade Commission provides up-to-date information about the Gramm-Leach-Bliley Act.

Related links:

Insuring compliance: Nationwide tackles GLBA

GLBA risk assessment steps to success

GLBA's focus on data security has helped financial services, say industry observers

Privacy rule puts new burden on businesses

GLB Act: Protecting customers and challenging CIOs

Protecting the privacy of customer information

A proposal for the credit card merchants to achieve compliance with the Gramm-Leach-Bliley Act

Gartner: Prioritize privacy management now or pay later


The California Security Breach Information Act

In the United States, the California Security Breach Information Act (SB-1386) is a California state law, in effect since July 1, 2003, that requires businesses and state agencies that own or license computerized personal information about California residents to notify those residents when unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. It was the first state breach-notification law in the United States, and because the notification duty attaches to unencrypted data, it created a strong incentive to encrypt stored personal information. Read the complete definition for the California Security Breach Information Act.

The California Office of Privacy Protection provides up-to-date information about the California Security Breach Information Act.

Related links:

California Security Breach Information Act (SB-1386)

The FAQs about SB-1386

California screaming: Companies must disclose security breaches

New California privacy law could impede marketing

Security legislation: Where's the breach?


The Electronic Communications Privacy Act (ECPA)

In the United States, the Electronic Communications Privacy Act (ECPA) of 1986 is a federal statute that prohibits a third party from intercepting or disclosing communications without authorization. The Act, which was originally passed as an amendment to the Wiretap Act of 1968, applies to government employees and private citizens alike. It protects communications in transit (Title I, the Wiretap Act) as well as in storage (Title II, the Stored Communications Act). Read the complete definition for the Electronic Communications Privacy Act (ECPA).

USIIA.org provides up-to-date information about the Electronic Communications Privacy Act.


The Fair Credit Reporting Act (FCRA)

The Fair Credit Reporting Act (FCRA) is United States federal legislation that promotes accuracy, fairness and privacy for data used by consumer reporting agencies. Consumer reporting agencies include the credit bureaus as well as specialty agencies, such as those that sell rental history records. Read the complete definition for Fair Credit Reporting Act (FCRA).

For up-to-date information about the FCRA, visit FTC.gov.


The Children's Online Privacy Protection Act (COPPA)

The Children's Online Privacy Protection Act (COPPA) is a United States law created to protect the online privacy of children under 13; it applies to operators of websites and online services that collect personal information from such children. The Act was passed by the U.S. Congress in 1998, and the FTC rule implementing it took effect in April 2000. COPPA is enforced by the Federal Trade Commission (FTC). Read the complete definition for COPPA.

For up-to-date information about COPPA, visit FTC.gov.


Enabling Compliance

Has recent legislation affected your IT department? We've asked our experts how you should get started.

Where to put your compliance dollars

Webcast: The best practices for enabling compliance

Compliance chief 'joined at hip' with CIO

Compliance: The effect on information management and the storage industry

Compliance shouldn't limit your choice of technology

How your backup choices impact compliance

Ask our compliance expert your own compliance-related question.


Glossary-to-Go: Compliance

Bookmark or print out our glossary of compliance-related terms.


Quiz

Test your knowledge of compliance vocabulary.


This was last updated in August 2009
