I. Regulations: If any data involved is regulated, or if there are other legal and compliance concerns, state them in this section.
The laws covering the internet in the United States are varied and quite complex, with sectors from the financial system to the medical system heavily regulated. The first is the Sarbanes-Oxley Act (SOX), enacted in 2002. SOX is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. It was enacted after the high-profile Enron and WorldCom financial scandals of the early 2000s. It is administered by the Securities and Exchange Commission, which publishes SOX rules and requirements.
Next is the Payment Card Industry Data Security Standard (PCI DSS), a set of requirements for enhancing the security of payment card account data. It was developed by the founders of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa, to help facilitate global adoption of consistent data security measures. PCI DSS includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.

Further is the Gramm-Leach-Bliley (GLB) Act of 1999, also known as the Financial Modernization Act of 1999. The GLB Act includes provisions to protect consumers' personal financial information held by financial institutions. There are three principal parts to its privacy requirements: the Financial Privacy Rule, the Safeguards Rule and the pretexting provisions.

The final major regulation is the Health Insurance Portability and Accountability Act (HIPAA), enacted in 1996. HIPAA is intended to improve the efficiency and