Regulations by Industry
As businesses increasingly rely on new technology and new devices to conduct day-to-day operations, the amount of data flowing through organizational networks also increases. In order to maintain competitive fairness across industries, legal mandates have been imposed on many of these industries.
These mandates were specifically developed according to the types of data that the industry deals with – such as medical records within the healthcare industry, or document audit trails within the financial industry. The mandates mentioned here are for public companies that answer to tax-paying citizens and/or shareholders – groups that usually demand transparency.
Believe it or not, our government does sometimes try to put an emphasis on simplifying processes and improving cross-agency collaboration. In order to support such collaboration, regulations that ensure data security had to be implemented that apply to every kind of software and hardware, and to any combination thereof.
Main Regulation: Federal Information Security Management Act of 2002 (FISMA) requires that all networked devices – be it a computer or a printer – meet strict information security guidelines. The act requires organizational administrators and directors to conduct annual reviews of all information security programs, with the intent of keeping risks at or below specified acceptable levels in a cost-effective, timely and efficient manner.
Financial institutions were some of the first to conduct business electronically and continue to be early adopters of the newest technologies. As such, they typically face critical issues in IT security before most other industries.
Main Regulation: The Gramm-Leach-Bliley Act of 1999 (GLBA) was developed to control the ways that financial institutions deal with the private information of individuals. It stipulates that organizations must complete a risk analysis of their current processes and implement firewalls, user access controls, print monitoring, and more.
Not unlike financial information, patient information and other medical data are often considered a major security concern. Since this kind of sensitive data is almost always shared electronically, one of the strongest and strictest sets of regulations was developed for the healthcare industry.
Main Regulation: The Health Insurance Portability and Accountability Act of 1996 (HIPAA) forces all healthcare organizations to uniformly manage data to protect patient information and privacy at all times. Enforcement activities include complaint investigation, compliance reviews, and continued education.
Although they may be slower than some other industries at adopting certain technologies, educational institutions have adopted online data-sharing technologies at a brisk rate for things like applications, class notes, medical records, etc. Even though cybercriminals might not view this kind of data as desirable as other kinds, this electronic environment is just as vulnerable to security threats.
Main Regulation: The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records and prohibits the disclosure of personally identifiable education information without the written permission of the student or their guardian.
Of course these are not the only mandates that apply to these industries, but they are the highest-profile ones that also encourage the use of data and document management programs to enforce compliance.