Organizations are subject to a number of regulatory and standards compliance requirements. Some, like the Payment Card Industry Data Security Standard (PCI DSS), affect only organizations that process credit card transactions. Others, like the European Union's General Data Protection Regulation (GDPR), affect every organization with European customers that collects personal data. There are also regulations, like the Health Insurance Portability and Accountability Act of 1996 (HIPAA), that affect multiple industries (healthcare, academic, insurance, government entities and more). Regardless of its reach, Fortinet is committed to ensuring that their products help you demonstrate compliance with applicable regulatory statutes, as well as internal compliance initiatives.
- Payment Card Industry Data Security Standard (PCI DSS) Established by Visa, MasterCard, Discover, and American Express in 2004, its goal is to protect cardholder data and reduce credit card fraud. These policies and procedures should be followed by every organization that accepts credit cards.
- Health Insurance Portability and Accountability Act (HIPAA) One section of this government regulation from 1996 covers privacy of patient data. Covered entities must ensure patient information is kept safe while in storage and transit.
- General Data Protection Regulation (GDPR) Enacted by the EU in 2016 and taking effect May 25, 2018, this law requires any organization in the world that collects data on EU residents to protect that data.
- Children's Internet Protection Act (CIPA) Passed by Congress in 2000, CIPA requires K-12 schools and libraries that receive E-rate discounts to keep students from being exposed to inappropriate Internet content.
- Family Educational Rights and Privacy Act (FERPA) This 1974 federal law requires all schools receiving funds from the U.S. Department of Education to keep student data secure.
- Privacy Amendment (Notifiable Data Breaches) Act 2017 This amendment to Australia's Privacy Act 1988 takes effect February 22, 2018. It requires organizations to notify individuals suspected to be at risk of serious harm due to a data breach.