Data storage compliance standards have been set-up over the years to protect organizations’ vital information. While making sure you and your organization are compliant you can help save your organization from lawsuits and protect your directors and officers from being held personally liable if data is compromised. Below you’ll find information about just a few of the main bodies of data storage compliance standards:
The Health Insurance Portability and Accountability Act (also known as HIPAA)
HIPAA provides national standards to protect the privacy of personal health information. To improve the efficiency and effectiveness of the health care system, HIPAA included “Administrative Simplification” provisions that required HHS (US Department of Health and Human Services) to establish national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
August 1996 – HIPAA was enacted by the United States Congress and signed by President Clinton.
The Sarbanes-Oxley Act of 2002 (also known as SOX)
SOX introduced major changes to the regulation of financial practice and corporate governance of publicly held companies and impacts how they secure, access, recover and validate stored data. The act covers issues such as establishing a public company accounting oversight board, auditor independence, corporate responsibility and enhanced financial disclosure. It also significantly tightens accountability standards for directors and officers, auditors, securities analysts and legal counsel. The law is named after Senator Paul Sarbanes and Representative Michael G. Oxley.
July 2002 – The Sarbanes-Oxley Act was signed into law by President Bush.
Payment Card Industry Data Security Standard (also known as PCI DSS)
PCI DSS originally began as five different programs. Each program’s intentions were similar: to create an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process and transmit cardholder data. The PCI SSC (Payment Card Industry Security Standards Council) created PCI DSS to provide an actionable framework for developing a robust payment card data security process that includes prevention, detection and appropriate reaction to security incidents.
December 2004 – The PCI SSC was formed. The 5 original programs aligned their individual policies and released version 1.0 of the Payment Card Industry Data Security Standard (PCI DSS). These 5 original programs were set up by the council’s founding members: American Express, Discover Financial Services, JCB International, Mastercard,and Visa, Inc.
Since then, new versions were put out to provide clarification, minor revisions, improved flexibility, consistency, and addressed evolving risks and threats in September 2006 (version 1.1), October 2008 (version 1.2), July 2009 (version 1.2.1), and October 2010 (version 2.0)
Version 3.0 was released in November 2013. This version is active from January 1st, 2014 – December 31st, 2017.
Keep in mind that there are many other data storage compliance state and federal standards and regulations. The above compliance standards are just a few to give you an idea of the scope of the standards and also to inform you of their relatively recent creation.
To learn more about Perpetual Storage and its service offering, please download our brochure.