Are there laws or regulations to protect data?
There are laws, regulations and industry standards that govern how organizations must handle and protect sensitive information. Some of the most notable include the following:
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Payment Card Industry Data Security Standard (PCI DSS), a contractual standard set by the card brands rather than a law
Family Educational Rights and Privacy Act (FERPA)
Breach notification laws are currently in place in forty-two states and the District of Columbia. They govern how and when an individual must be notified that his or her personal information has been, or may have been, disclosed. The State of Iowa recently enacted a data breach notification law, which went into effect July 1, 2008. The law requires that an organization suffering a data breach involving personal information notify the individuals affected by the breach. The notification provision (set out in Senate File 2308) requires that notices include:
A description of the breach
The date of the breach
The type of personal information disclosed in the breach
Contact information for consumer reporting agencies
Advice for reporting identity theft