With federal legislation acting as the catalyst for more stringent, industry-specific policies regarding privacy and the disposal of confidential information, states have been increasingly writing their own regulations into law in the form of state legislation. Some states have enacted their own information security legislation. Where no state legislation exists, federal law takes precedence.
What you need to know and how you are affected by new state regulations.
Family Educational Rights and Privacy Act (FERPA)
The federal law that protects the rights of students' educational records, the Family Educational Rights and Privacy Act (FERPA), gives parents and “eligible students” the right to inspect and review a student’s educational records, the right to correct inaccurate or misleading records, the right to a hearing upon the denial of amending a record, and the right to place a dispute statement about the contested information.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA was created as an aid against fraud and abuse in the health insurance industry. A Rule under the Act sets national standards for the protection of individually identifiable health information by healthcare providers.
The Florida Unlawful Use of Personal Identification Act (UPIA)
A law protecting against any fraudulent use of personal identification. This can be punishable as a third-degree felony.
The Illinois Personal Information Protection Act (PIPA)
A protection act for Illinois residents from the misuse of their personal information. Data collectors must notify a person if there have been any breaches of security systems.
The New Jersey Identity Theft Protection Act (ITPA)
Any New Jersey business operating and maintaining records of personal information must destroy, or arrange the destruction of, customers’ records after they are no longer required.
North Carolina Identity Theft Protection Act (ITPA)
A protection act for North Carolina residents from the misuse of their personal information. This Act outlines the protection required by businesses operating in the state for personal information and how the information is disposed of.
The Pennsylvania Breach of Personal Information Notification Act (BPINA)
The Act requires notification of residents whose personal information data was or may have been disclosed due to a security system breach, and imposes penalties.
The New York Information Security Breach and Notification Act (ISBNA)
A mandate for the protection of personal information by businesses operating in New York that outlines their obligations to customers.
The Texas Information Disposal Act (IDA)
When a business disposes of a business record that contains personal identifying information of a customer, the business must modify, by shredding, erasing, or other means, the personal identifying information to make it unreadable or undecipherable.
The Gramm-Leach-Bliley Act (GLBA)
The Act addresses concerns relating to consumer financial privacy by protecting consumers' information that is held by financial institutions.
The Fair and Accurate Credit Transactions Act (FACTA)
Businesses and individuals must take “reasonable measures” to ensure consumer private information does not fall into the wrong hands.
General Data Protection Regulation (GDPR)
Replaces the Data Protection Directive of 1995. Acts as the new, overarching legislation concerning the companies that manage and protect personal data belonging to citizens of the European Union.
Health Information Technology for Economic and Clinical Health (HITECH)
Promotes the adoption and meaningful use of health information technology. Also addresses the privacy and security concerns associated with the electronic transmission of health information.
Red Flag Rules and Current Privacy Legislation
Fights against identity theft. This rule tells you how to develop, implement, and administer an identity theft prevention program.