Laws and Regulations.md

File metadata and controls

73 lines (57 loc) · 2.97 KB

Vendor agreements

Various types of vendor-client agreements and contracts

  • NDA - Non-disclosure agreement - legally binding
  • MOU - Memorandum of understanding - less formal, not legally binding
  • SLA - Service-level agreement - agreement with a service provider on the terms of service
  • ISA - Interconnection Security Agreement - when two entities cooperate with / share data, delineates the terms of technical requirements each side must provide
  • BPA - Business Partnership Agreement - terms of a business relationship between partners

Types of personal data

PII

  • Personally identifying information (PII)
  • any type of data that could specifically identify individuals

PHI

  • Personal Health Information (PHI)

SPI

  • Sensitive personal information
  • information about a subject's opinions, beliefs, and nature

Regulations & Laws

COPPA

#laws #regulations

  • Children's Online Privacy Protection Act (COPPA)
  • Subject: children's protection
  • United States federal law that imposes certain requirements on operators of websites or online services directed to children under 13 years of age

FERPA

  • Family Educational Rights and Privacy Act
  • United States federal law, created in 1974
  • Subject: educational records
  • governs the access to educational information and records by public entities such as potential employers, publicly funded educational institutions, and foreign governments

FISMA

#laws #regulations

  • Federal Information Security Management Act
  • Subject: standards for government information
  • United States federal law that defines a comprehensive framework to protect government information, operations, and assets against natural or man-made threats

GDPR

#laws #regulations #eu

  • GDPR (General Data Protection Regulation) is a regulation that applies to companies that do business in the European Union
  • Subject: EU Consumer rights

GLBA

#laws #regulations #united-states

  • Gramm–Leach–Bliley Act (GLBA)
  • also known as the Financial Services Modernization Act of 1999
  • Subject: Financial institutions
  • Financial institutions need to inform customers of what information is collected about them, how that information is used, how it's shared and with whom, and how it's protected

HIPAA

#laws #regulations #medical

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Subject: health care information
  • United States federal law designed to provide privacy standards to protect patients' medical records and other health information

PCI-DSS

#laws #regulations #payments #credit-cards

  • Payment Card Industry Data Security Standard (PCI-DSS)
  • Subject: credit card payment data safety
  • compliance requirements for organizations storing credit card information

SOX

#laws #regulations

  • Sarbanes–Oxley (SOX)
  • Subject: corporate boards & accounting firms
  • a United States federal law that set new or expanded requirements for all U.S. public company boards, management, and public accounting firms