LEGISLATIVE GUIDE by Geography*

| Security Initiative | Overview | EU | NA | AP | RW |
|---|---|---|---|---|---|
| 21 CFR Part 11 | FDA-regulated companies | | ✓ | | |
| Arkansas SB 1167 + 32 other state notification laws | Arkansas residents to be notified immediately if their personally identifiable information has been subject to unauthorized access | | ✓ | | |
| BBB Online (privacy standards) | Better business practices for websites | ✓ | ✓ | ✓ | ✓ |
| BS 7799 / ISO 17799 | Information on how to build, operate, maintain and improve an Information Security Management System | ✓ | ✓ | ✓ | ✓ |
| California SB 1386 | California residents to be notified immediately if their personally identifiable information has been subject to unauthorized access | | ✓ | | |
| Children's Online Privacy Protection Act (COPPA) | Privacy protections for information about children | | ✓ | | |
| COBiT | Generally applicable and accepted standard for good IT security | ✓ | ✓ | | |
| Data Protection Act 1998 (UK) | Protection of sensitive personal data for UK residents | ✓ | | | |
| E-Signatures Act | Use of electronic records and signatures in interstate and foreign commerce, ensuring the validity and legal effect of contracts entered into electronically | ✓ | ✓ | ✓ | ✓ |
| European Union (EU) Data Privacy Directive | Rules that address the handling of all types of personal data | ✓ | | | |
| Family Educational Rights and Privacy Act (FERPA) | | | ✓ | | |
| Federal Energy Regulatory Commission (FERC) | Regulations for energy companies | | ✓ | | |
| Federal Information Security Management Act (FISMA) | Framework for enhancing the effectiveness of information security in the federal government | | ✓ | | |
| Freedom of Information Act (FOIA) Exemption | Trade secrets, commercial information | | ✓ | | |
| Gramm-Leach-Bliley Act (GLBA) | Preservation of confidentiality of personal financial data | ✓ | ✓ | | |
| Health Insurance Portability & Accountability Act (HIPAA) | Healthcare providers to preserve confidentiality of medical records | | ✓ | | |
| Interactive Advertising Bureau (ISBA) Standards | Online marketing standards | | | | |
| Sarbanes-Oxley Act (SOX) | Availability, internal controls | | ✓ | | |
| Statement of Auditing Standards (SAS) No. 70 | Pertaining to service organizations | | ✓ | | |
| TRUSTe Privacy Standards | Open disclosure of usage of information collected by websites | ✓ | ✓ | ✓ | ✓ |
| US National Do Not Call (DNC) Registry | Telemarketing regulation | | ✓ | | |
| USA Patriot Act | | | ✓ | | |
| WebTrust | e-Commerce standards comprised of prevailing best practices and requirements from around the world | ✓ | ✓ | ✓ | ✓ |
| XML Standards | Information storage and exchange | ✓ | ✓ | ✓ | ✓ |

*This guide is not intended to be used as legal advice, but as an informational tool.