Legislation and regulation in information security

Listed below are some laws, regulations and industry standards relevant to information security, each intended to protect a particular class of information.


HIPAA is short for the Health Insurance Portability and Accountability Act. It was enacted by the United States Congress in 1996.

Objective – To protect the confidentiality of patient information in the healthcare sector by regulating how patient information is handled, and to ensure continuity of healthcare coverage for patients.

Two of its titles are relevant here:

1. HIPAA Title I – Protects health insurance coverage for workers and their families when they lose or change their jobs.

2. HIPAA Title II – Focuses on patient rights and on how patient information must be protected and transmitted securely; it is the source of the HIPAA Privacy Rule and Security Rule.


SOX is short for the Sarbanes-Oxley Act. It was enacted by the United States Congress in 2002.

Objective – To prevent accounting errors and fraudulent practices in the enterprise and to improve the accuracy of corporate disclosures. This affects not only the finance department but IT as well, since IT systems store the confidential electronic records on which financial reporting relies.

The United States Securities and Exchange Commission (SEC) administers SOX.

For electronic records there are three rules:

First rule – Deals with penalties for the destruction, alteration or falsification of records.

Second rule – Defines the retention period for which records must be stored.

Third rule – Defines the types of business records that must be retained.


GLBA is short for the Gramm-Leach-Bliley Act. It is a United States federal law enacted in 1999.

Objective – To control the manner in which financial institutions handle the private and confidential information of individuals.

GLBA has three sections:

The Financial Privacy Rule – Governs the collection and disclosure of customers' private financial information.

The Safeguards Rule – Requires financial institutions to implement security programs to protect that financial information.

Pretexting provisions – Prohibit obtaining private information under false pretenses.

Turnbull Report

Also known as Internal Control: Guidance for Directors on the Combined Code, the Turnbull Report is a report drawn up with the London Stock Exchange for UK listed companies. It was first published in 1999.

Objective – The report informed directors of their obligations under the Combined Code with regard to maintaining good "internal controls" in their companies: sound audits and checks that ensure the quality of financial reporting and catch any fraud before it becomes a problem.


PCI is short for Payment Card Industry. The Payment Card Industry Security Standards Council (PCI SSC) was founded on 7 September 2006 by American Express, Japan Credit Bureau (JCB), Discover Financial Services, MasterCard Worldwide and Visa International.

Objective – To provide robust and comprehensive standards, together with supporting materials, for improving payment card data security.

These materials include a framework of specifications, tools, measurements and support resources to assist organisations in handling cardholder information safely at every step of a payment transaction. The keystone of PCI is the PCI Data Security Standard (PCI DSS), which provides a framework for developing a robust payment card data security process, covering prevention, detection and appropriate response to security incidents.

Read: https://www.pcisecuritystandards.org/pci_security/
