The Applimation Solution: Informia Secure and Subset
Applimation addresses data privacy and compliance regulations such as HIPAA, FERPA, Gramm-Leach Bliley Act, PCI DSS, FACTA, The Privacy Act of 1974 and the European Union (EU) Data Protection Act by providing the following educational briefs. These briefs supply you with an outline of the regulation, impacts, consequences, current real life examples and the solution to enable data privacy within your non-production environment. Find out what regulations are applicable to you by reading these FREE downloadable briefs.
HIPAA Overview
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was designed to improve access to health insurance, reduce fraud and abuse and lower the overall cost of healthcare in the United States. As a key provision, the Security Rule requires organizations to use appropriate safeguards to protect the confidentiality, integrity and availability of individually identifiable health information that relates to an individual’s physical or mental health or condition, their provision of health care and their payment for that care.
The Family Education and Privacy Act was enacted by Congress to protect the privacy of student educational records. The Family Educational Rights and Privacy Act (FERPA) is a federal law that affords parents the right to have access to their children's education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education records. When a student turns 18 years old, or enters a postsecondary institution at any age, the rights under FERPA transfer from the parents to the student.
The GRAMM Leach Bliley Act (GLBA) requires companies defined under law as financial institutions to ensure the security and confidentiality of non-public, personal information. GLBA compliance is mandatory and as a part of its implementation, the Federal Trade Commission (FTC) issued the Safeguard Rule which requires financial institutions under the FTC jurisdiction to have measures in place to protect information from prospective threats in security and data integrity.
The Payment Card Industry (PCI) and Data Security Standards (DSS) is a comprehensive security standard that encompasses security management, policies, procedures, network architecture, software design and other critical protective measures. These security standards revolve around protecting card holder data such as credit card numbers, pins, card holder names, addresses and other sensitive authentication data. The PCI DSS was introduced by the PCI security standards council which was founded by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International.
The Fair Credit Reporting Act (FCRA) regulates the collection, dissemination and use of consumer credit information. Consumer reporting agencies collect records about an individual’s financial activity such as loans, status of credit card payments, debt which is in turn used by lenders to gauge a consumer’s credit value. The Fair and Accurate Credit Transaction Act of 2003 (FACTA), added provisions to help consumers fight the growing crime of identity theft. FACTA addresses issues concerning the accuracy, privacy, information sharing and the rights consumers have regarding the disclosure of information in their files that consumer reporting agencies maintain. FACTA requires consumer reporting agencies to adopt reasonable procedures to protect the confidentiality, accuracy, relevancy and proper utilization of consumer credit information.
The Privacy Act of 1974 regulates the Federal Executive Branch agencies collection, maintenance, use and dissemination of personal information. Federal agencies require personal information to properly administrate government programs such as Medicare, Medicaid, health services, and veteran’s benefits as well as information on their employees for the proper administration of payroll and other human resource activities.
Requirements under this act include protocols for disclosure of private information, access and administrative rights to request amendments to personal information as well as guidance on which personal data can be maintained.
The EU Data Protection Directive was established to provide a regulatory framework to protect individuals with regard to the processing of personal data and on the free movement of such data within the EU member countries. The Directive defines personal data is defined as any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
