Course 2 - Mandatory Policies
Unlike individuals, businesses and companies that handle their clients' data are required by law to follow certain policies. Failure to comply can result in fines, legal action, and loss of customer trust, all of which hinder an organization's ability to operate.
HIPAA:
The Health Insurance Portability and Accountability Act is a U.S. law that applies to organizations that handle individuals' protected health information (PHI), such as healthcare providers, health plans, and the vendors that process data on their behalf. Organizations covered by HIPAA may not disclose a patient's health information except for uses the law permits (for example, treatment and billing) or with the patient's authorization, and they must protect that information with appropriate safeguards.
GDPR:
The General Data Protection Regulation protects the personal data of people in the EU, and it applies to any organization that processes that data, regardless of whether the organization itself is located in the EU. Personal data may be collected, used, or shared only on a lawful basis, such as the individual's consent, and individuals must be told how their data is used and have the right to access or delete it.
PCI DSS:
The Payment Card Industry Data Security Standard dictates how organizations that store, process, or transmit payment card data must protect it. It is an industry standard rather than a law, maintained by a council founded by the major credit card companies, and merchants and payment processors must comply with it to accept those cards.
GLBA:
The Gramm-Leach-Bliley Act is a U.S. law that requires financial institutions to explain to their customers how they share and protect their personal financial information, and to safeguard that information. This covers not only banks but also insurance companies, investment firms, and financial advice companies.