Fast Guide to Regulatory Compliance
Table of Contents
1. General Information about Compliance and IT
2. Can-Spam Act of 2003
3. Do Not Call List
4. Sarbanes-Oxley Act of 2002
5. HIPAA
6. Gramm-Leach-Bliley Act
7. California Security Breach Information Act
8. Enabling Compliance
9. Glossary-to-Go: Compliance
10. Quiz
1. General Information about Compliance and IT

Although everyone in IT seems to be talking about compliance, few are actually doing much about it. At least part of the problem is that there's a lot of confusion about what the regulations require and what's necessary to be in compliance with them. We've gathered information about some of the most relevant legislation and the current status of industry compliance, as well as some expert advice on the fine points.

Expert predictions: It's all about compliance, security and outsourcing in 2004
Q&A: How compliance will affect your business
SearchStorage.com crash course: Compliance
A holistic approach to compliance
Compliance: The bottom line for storage
New regulations spur IT spending, headaches
New threats, regulatory woes to cause '04 security headaches
Letter of the law -- more firms hawking compliance tools
Compliance fears exaggerated, report says
2. Can-Spam Act of 2003

The Can-Spam Act of 2003 is a commonly used name for the United States Federal law more formally known as S. 877 or the "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003." The law took effect on January 1, 2004. The Can-Spam Act allows courts to set damages of up to $2 million when spammers break the law. Federal district courts are allowed to send spammers to jail and/or triple the damages if the violation is found to be willful. Read complete definition. The Federal Communications Commission provides up-to-date information about the Can-Spam Act of 2003.

Related links:
First Can Spam suit filed
Firms must follow spirit of anti-spam law
'Can Spam' isn't canning spam
Face-off: The Can Spam Act
Spam causing marketers migraines
National anti-spam law might benefit marketers
3. The "Do Not Call" List

The "Do Not Call" list is a registry of phone numbers in the United States that telemarketers are prohibited from calling in most circumstances. The list is maintained by the National Do Not Call Registry of the Federal Trade Commission (FTC), and consumers can contact the agency to have their numbers registered. Organizations are prohibited from making calls to sell goods or services to any numbers listed, and are subject to substantial fines if they fail to comply. Read complete definition. The Federal Trade Commission provides up-to-date information about the National Do Not Call Registry.

Related links:
What, me worry? Some marketers in dark on regulations
Study: Execs not ready for 'do not call' revenue loss
'Do not call' list changes game for marketers
MCI signs on partners for 'do not call' compliance
Surviving marketing's dark days
4. Sarbanes-Oxley Act of 2002

The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. The act is administered by the Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes rules on requirements. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records; rather, it defines which records are to be stored and for how long. Read complete definition. The US Securities and Exchange Commission provides up-to-date information about the Sarbanes-Oxley Act of 2002.

Related links:
Seven steps to Sarbanes-Oxley compliance
Sarbanes-Oxley and your company
Learn SOX compliance from the DoD
Sarbanes-Oxley reading list
Sarbanes-Oxley compliance still a headache for some
Webcast: Make your storage Sarbanes-Oxley compliant
SEC pushes back Sarbanes-Oxley section deadline
Study: Sarbanes-Oxley 'catalyst' for process management
Tapping CRM for Sarbanes-Oxley compliance
Best Web Links for Sarbanes-Oxley
What are some steps to making my storage SOX compliant?
SEC gives nod to some disk-based archive
5. HIPAA

HIPAA is the United States Health Insurance Portability and Accountability Act of 1996. HIPAA seeks to establish standardized mechanisms for electronic data interchange (EDI), security, and confidentiality of all healthcare-related data. There are two sections to the Act. HIPAA Title I deals with protecting health insurance coverage for people who lose or change jobs. HIPAA Title II includes an administrative simplification section which deals with the standardization of healthcare-related information systems. Read complete definition. The US Department of Health and Human Services provides up-to-date information about HIPAA.

Related links:
HIPAA (The Health Insurance Portability and Accountability Act) Final Standards for Privacy of Individually Identifiable Health Information
Final HIPAA security rules offer broad guidance
Reading between the HIPAA guidelines
How to get management to accept HIPAA compliance
Protect privacy or jeopardize CRM.
Privacy, security and HIPAA
HIPAA taps IT spending
Commentary: HIPAA compliance doesn't come in a box
HIPAA prompts hospitals to reconsider storage
What's the prognosis on HIPPA?
6. Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLB Act), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways that financial institutions deal with the private information of individuals. Read complete definition. The Federal Trade Commission provides up-to-date information about the Gramm-Leach-Bliley Act.

Related links:
Privacy rule puts new burden on businesses
GLB Act: Protecting customers and challenging CIOs
Protecting the privacy of customer information
A proposal for the credit card merchants to achieve compliance with the Gramm-Leach-Bliley Act
Gartner: Prioritize privacy management now or pay later
7. California Security Breach Information Act

In the United States, the California Security Breach Information Act (SB-1386) is a California state law requiring organizations that maintain personal information about individuals to inform those individuals if the security of their information is compromised. Read complete definition. The California Office of Privacy Protection provides up-to-date information about the California Security Breach Information Act.

Related links:
California Security Breach Information Act (SB-1386)
The FAQs about SB-1386
California screaming: Companies must disclose security breaches
New California privacy law could impede marketing
Security legislation: Where's the breach?
8. Enabling Compliance
Has recent legislation affected your IT department? We've asked our experts how you should get started.

Where to put your compliance dollars
Webcast: The best practices for enabling compliance
Compliance chief 'joined at hip' with CIO
Compliance: The effect on information management and the storage industry
Compliance shouldn't limit your choice of technology
How your backup choices impact compliance
Ask our compliance expert your own compliance-related question.
9. Glossary-to-Go: Compliance

Bookmark or print out our glossary of compliance-related terms.
10. Quiz

Test your knowledge about compliance vocabulary.
Last updated on: Jan 27, 2006