Laws & Policies Covering Personal Information
FACTA "Red Flag Rules" - MIT Identity Theft Prevention Program under the FTC Red Flags Rule.
Laws and Regulations in Massachusetts
Massachusetts State Breach Notification Law - This 2007 law outlines when businesses and government agencies should notify residents of data breaches.
Massachusetts State Breach Regulations - The standards accompanying Massachusetts Data Breach Law (201 CMR 17.00) were approved in Sept. 2008, and are effective 3/1/2010.
Laws and Regulations by the Federal Government
Family Educational Rights and Privacy Act (FERPA) - Student records are covered by the requirements of this act.
Payment Credit Industry Data Security Standards (PCI DSS) - Personal credit card information is covered by these data security standards, which apply to anyone who is a merchant or handles credit card and debit card transactions.
Health Insurance Portability and Accountability Act (HIPAA) - Describes protections for health information.
Gramm Leach Bliley Act (GLBA) - Requires financial institutions to protect nonpublic personal information.
Security Breach Notification Laws by State - Most of the US states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.