The California Consumer Privacy Act (CCPA) gives California residents more control over the personal information that businesses collect on them. CCPA applies only to for-profit businesses that do business in California (regardless of where your headquarters is) and meet any of the following requirements.
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a regulatory requirement that applies to private sector organizations that collect personal information in Canada. It is designed to ensure the protection of personal information in the course of commercial business.
SOX stands for the Sarbanes-Oxley Act of 2002, which establishes regulations to protect the public from fraudulent business practices by corporations. It was passed following several large business scandals, in which companies like Enron, Tyco and Adelphia used deceptive business practices to trick the public. In order to protect consumers, it mandates more transparency in the financial reporting of corporations and requires companies to have formalized checks and balances to ensure that their reporting is accurate.
GDPR stands for General Data Protection Regulation and it is a privacy law set out by the European Union (EU). It became effective on May 25th, 2018. Even though it was set out by the EU, it affects all companies that collect information about citizens of the EU. Ernst & Young estimated that the world's 500 biggest corporations are on track to spend up to $7.8 billion on GDPR compliance.
HIPAA security mandates that you have three types of controls in place: technical safeguards, physical safeguards and administrative safeguards. Some controls are "required" while others are "addressable"; an addressable control must be implemented if it is reasonable and appropriate.
HIPAA stands for Health Insurance Portability and Accountability Act and was passed by Congress in 1996. The privacy aspect of HIPAA has been overseen and enforced by the US Department of Health and Human Services (HHS) since April 2003. HIPAA does a few different things, but from a compliance point of view it is all about mandating the protection of consumer health information; this is referred to as the HIPAA privacy regulation.
PCI-DSS stands for Payment Card Industry Data Security Standard. In September 2006, five major credit card brands (Visa International, MasterCard, American Express, Discover, and JCB) established the Payment Card Industry Security Standards Council (PCI-SSC). PCI-SSC created and continues to oversee PCI-DSS, which is an information security standard for organizations that accept or process credit cards in any way.