Are there Laws or Regulations to Protect Data?

Answer: 

There are laws and regulations that govern how organizations must handle and protect sensitive information. Some of the most notable include the following:

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Payment Card Industry (PCI) Data Security Standard

Family Educational Rights and Privacy Act (FERPA)

Breach notification laws are currently in place in forty-two states and the District of Columbia. They govern the notification of an individual whose personal information has been, or may have been, disclosed. The State of Iowa recently enacted a data breach notification law, which went into effect July 1, 2008. The law requires that organizations with a data breach involving personal information notify individuals affected by the breach. The notification provision (set out in Senate File 2308) requires that notices include:

A description of the breach

The date of the breach

The type of personal information disclosed in the breach

Contact information for consumer reporting agencies

Advice for reporting identity theft

Printed from the Information Security Division website on November 27, 2020 at 5:33pm.