Compliance Requirements

While deciding on the proper Wireless Network installation, you also need to consider any applicable regulatory compliance issues that apply to your organization. What are your organization's legal obligations to provide a particular level of network security?

Many countries have enacted or strengthened their privacy laws to improve security standards, and your organization may be affected.

Some U.S. Regulations

Sarbanes-Oxley Act of 2002 (SOX)

SOX was enacted to improve the accuracy and reliability of corporate disclosure, which in turn protects investors. SOX dictates that companies establish a public organization accounting oversight board, which monitors auditor independence, corporate responsibility, and enhanced financial disclosure. It also provides a way to review the dated legislative audit requirements.

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA addresses healthcare dangers, such as waste, fraud, and abuse in health insurance and healthcare delivery. HIPAA also prohibits companies that use electronic transactions and the Internet from publishing personal health information. (Before HIPAA, some companies were transferring or selling such information for commercial gain.)

Gramm-Leach-Bliley Act (GLBA)

GLBA requires companies to store personal financial information securely, advises consumers of their policies on sharing personal financial information, and gives consumers the option to opt out of some sharing of personal financial information. And while it ended regulations that prevented the merger of banks, stock brokerage companies, and insurance companies, it also mitigates the risks of these mergers for the consumer.

Federal Information Security Management Act of 2002 (FISMA)

FISMA is the primary legislation governing U.S. federal information security. Passed as part of the Homeland Security Act of 2002 and the E-Government Act of 2002, FISMA requires every government agency to secure information and the information systems that support its operations and assets. If the government uses commercially developed security products, those products must offer advanced and effective information security solutions and work in concert with government policies, procedures, and guidelines.

Family Educational Rights and Privacy Act of 1974 (FERPA)

FERPA was enacted to protect student educational records and personal information from unlawful disclosure. The penalty for violating FERPA is loss of all federal funding, including grants and financial aid.

Payment Card Industry Data Security Standard (PCI DSS)

To combat identity theft and breaches, all major credit card companies agreed upon PCI DSS as an industry-wide data-security standard. PCI applies to all members, merchants, and service providers that store, process, or transmit cardholder data, as well as any network component, server, or application included in, or connected to, the cardholder data domain. Companies must use firewalls, message encryption, access controls, and antivirus software. PCI also requires frequent security audits and network monitoring and forbids the use of default passwords.

Other Countries

Here are some other regulations in non-U.S. countries:

  • Germany - Bundesdatenschutzgesetz (Federal Data Protection Act)
  • United Kingdom - Data Protection Act of 1998
  • France - Law 78-17 (revised)
  • Canada - Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Australia - Private Sector Provisions of the Privacy Act 1988 (Cth)
  • Japan - Personal Information Protection Law