The Sarbanes-Oxley (SOX) Act is a United States federal securities law designed to protect
shareholders and the general public from accounting errors and fraudulent practices by
publicly held companies. Signed into law in 2002, SOX establishes a large number of
mandates, including records retention requirements for audit papers, auditor independence,
transparency in financial reporting, and criminal penalties for fraud, conspiracy and
interfering with investigations. Section 404 requires management and the external auditor
to assess the company's internal controls over financial reporting, which is what brings
the IT controls around the systems that produce financial data into scope.
SB 1386 (California Civil Code section 1798.82) is a California law regulating the privacy
of personal information. It applies to any agency, person or business that conducts business
in California and owns or licenses computerized “personal information.” Covered entities
must notify any California resident whose unencrypted personal information was, or is
reasonably believed to have been, acquired by an unauthorized person, and must do so in the
most expedient time possible and without unreasonable delay. Because the duty is triggered
only for unencrypted data, encrypting stored personal information is the practical way to
stay outside the notification requirement.
The European Union’s Data Protection Directive (95/46/EC) prohibits the transfer of personal
data to non-EU nations that do not meet the EU adequacy standard for privacy protection.
In response, the U.S. Department of Commerce worked with the European Commission to develop
a “safe harbor” framework so that U.S. companies could continue their business dealings
with the EU. Self-certifying to the safe harbor assures EU organizations that a U.S. company
provides “adequate” privacy protection, as defined by the Directive.
PCI DSS (the Payment Card Industry Data Security Standard) is a global security standard
created by the major payment card brands to reduce the risk of cardholder data compromise
for card issuers, merchants, service providers and consumers. It applies to every entity that
stores, processes or transmits cardholder data. The standard consists of 12 requirements,
grouped under six control objectives, that combine data encryption and access control with
network security, vulnerability management, activity monitoring and logging, and a written
security policy. Compliance requires meeting all 12 requirements; there is no partial
compliance.
More than 650 enterprises and government agencies – including 50 of the Global 500 – rely on CREDANT to ensure security compliance while protecting their brand and enhancing IT and end-user productivity.
The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress
in 1996. Its Administrative Simplification provisions, and the Privacy and Security Rules
issued under them, safeguard patient identities, medical records, health insurance
transactions and other protected health information (PHI). The rules require health plans,
healthcare clearinghouses and providers (the covered entities) to standardize electronic
health transactions, adopt unique health identifiers, and implement administrative, physical
and technical safeguards for the confidentiality, integrity and availability of electronic PHI.
The Gramm-Leach-Bliley Act (GLBA) was enacted in 1999 to allow commercial banks, investment
banks and insurance companies to consolidate. The law includes three requirements to protect
personal financial data held by financial institutions: the Financial Privacy Rule, which
governs the collection and disclosure of customers’ personal financial information; the
Safeguards Rule, which requires each institution to implement a written information security
program; and the pretexting provisions, which prohibit obtaining customer information under
false pretenses.
The Federal Information Security Management Act (FISMA) of 2002 provides the framework for
securing the federal government’s information technology. All agencies covered by the
Paperwork Reduction Act must implement the requirements of FISMA and report annually
to the Office of Management and Budget (OMB) and Congress on the effectiveness of their
security programs. The reports must also include an independent evaluation by the
agency’s Inspector General.
BITS, the business strategy and technology group for The Financial Services Roundtable,
was formed by the CEOs of the largest financial institutions in the U.S. The BITS Product
Certification Program was created by financial IT experts, together with technology
providers and other stakeholders. It serves as a proactive means to improve the safety
and soundness of the products used by leading financial institutions and to help them
make informed technology decisions.