Table of Contents
1. General Information about Compliance and IT
2. Can-Spam Act of 2003
3. Do Not Call List
4. Sarbanes-Oxley Act of 2002
5. HIPAA
6. Gramm-Leach-Bliley Act
7. California Security Breach Information Act
8. Glossary-to-Go: Compliance
9. Quiz
1. General Information about Compliance and IT
In this Fast Guide to Regulatory Compliance, we've gathered information about some of the most
relevant legislation and the current status of industry compliance as well as some expert advice on
the fine points.
Expert predictions: It's all about compliance, security and outsourcing in 2004
Q&A: How compliance will affect your business
A holistic approach to compliance
Compliance: The bottom line for storage
New regulations spur IT spending, headaches
New threats, regulatory woes to cause '04 security headaches
Letter of the law -- more firms hawking compliance tools
Compliance fears exaggerated, report says
2. Can-Spam Act of 2003
The Can-Spam Act of 2003 is a commonly used name for the United States Federal law more
formally known as S. 877 or the "Controlling the Assault of Non-Solicited Pornography and Marketing
Act of 2003." The law took effect on January 1, 2004. The Can-Spam Act allows courts to set damages
of up to $2 million when spammers break the law. Federal district courts are allowed to send
spammers to jail and/or triple the damages if the violation is found to be willful. Read complete definition for
Can-Spam Act of 2003.
The Federal Communications Commission provides up-to-date information about the Can-Spam Act of 2003.
Related links:
Firms must follow spirit of anti-spam law
Spam causing marketers migraines
National anti-spam law might benefit marketers
3. The "Do Not Call" List
The "Do Not Call" list is a registry of phone numbers in the United States that telemarketers
are prohibited from calling in most circumstances. The list is maintained by the National Do Not
Call Registry of the Federal Trade Commission (FTC), and consumers can contact the agency to have
their numbers registered. Organizations are prohibited from making calls to sell goods or services
to any numbers listed, and are subject to substantial fines if they fail to comply. Read complete definition for "Do
Not Call" List.
The Federal Trade Commission provides up-to-date information about the National Do Not Call Registry.
Related Links:
What, me worry? Some marketers in dark on regulations
Study: Execs not ready for 'do not call' revenue loss
'Do not call' list changes game for marketers
Surviving marketing's dark days
4. Sarbanes-Oxley Act of 2002
The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted in response to
the high-profile Enron and WorldCom financial scandals to protect shareholders and the general
public from accounting errors and fraudulent practices in the enterprise. The act is administered
by the Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes
rules on requirements. Sarbanes-Oxley is not a set of business practices and does not specify how a
business should store records; rather, it defines which records are to be stored and for how long.
Read complete definition
for Sarbanes-Oxley Act of 2002.
The US Securities and Exchange Commission provides up-to-date information about the Sarbanes-Oxley Act of 2002.
Related links:
Seven steps to Sarbanes-Oxley compliance
Managing corporate records for Sarbanes-Oxley
Part two: Managing corporate records for Sarbanes-Oxley
Study: Sarbanes-Oxley 'catalyst' for process management
SEC gives nod to some disk-based archive
5. HIPAA
HIPAA is the United States Health Insurance Portability and Accountability Act of 1996. HIPAA
seeks to establish standardized mechanisms for electronic data interchange (EDI), security, and
confidentiality of all healthcare-related data. There are two sections to the Act. HIPAA Title I
deals with protecting health insurance coverage for people who lose or change jobs. HIPAA Title II
includes an administrative simplification section which deals with the standardization of
healthcare-related information systems. Read complete definition for
HIPAA.
The US Department of Health and Human Services provides up-to-date information about HIPAA.
Related links:
Reading between the HIPAA guidelines
Protect privacy or jeopardize CRM
HIPAA prompts hospitals to reconsider storage
What's the prognosis on HIPAA?
6. Gramm-Leach-Bliley Act
The Gramm-Leach-Bliley Act (GLB Act), also known as the Financial Modernization Act of 1999, is
a federal law enacted in the United States to control the ways that financial institutions deal
with the private information of individuals. Read complete definition for
Gramm-Leach-Bliley Act (GLBA).
The Federal Trade Commission provides up-to-date information about the Gramm-Leach-Bliley Act.
Related links:
Privacy rule puts new burden on businesses
GLB Act: Protecting customers and challenging CIOs
Gartner: Prioritize privacy management now or pay later
7. California Security Breach Information Act
In the United States, the California Security Breach Information Act (SB-1386) is a California
state law requiring organizations that maintain personal information about individuals to inform
those individuals if the security of their information is compromised. Read
complete definition for California Security Breach Information Act (SB-1386).
The California Office of Privacy Protection provides up-to-date information about the California Security Breach Information Act.
Related links:
California screaming: Companies must disclose security breaches
New California privacy law could impede marketing
Security legislation: Where's the breach?
8. Glossary-to-Go: Compliance
Bookmark or print out our glossary of compliance-related terms.
9. Quiz
Test your knowledge about compliance vocabulary.
This was first published in March 2003