Current US Federal Data Laws Addressing
Data Privacy, Security, and Governance

    -see also the US National Data Law
     currently being considered by Congress

CALEA

Specifies the statutory obligation of telecommunications carriers to assist law enforcement in executing electronic surveillance pursuant to a court order or other lawful authorization.


The CAN-SPAM Act of 2003

The CAN-SPAM Act of 2003 is a US law that sets rules for companies that send out spam email and penalties for those companies that do not abide by these rules.


Do Not Call Registry

Provides a way for individuals to register their phone numbers so that telemarketers may not call them.


Driver's Privacy Protection Act of 1994 (DPPA)

This law puts limits on disclosures of personal information in records maintained by departments of motor vehicles.


Fair Credit Reporting Act

This act establishes procedures for correcting mistakes on your credit record and requires that your record only be provided for legitimate business needs.


Family Educational Rights and Privacy Act of 1974 (FERPA)

This law puts limits on disclosure of educational records maintained by agencies and institutions that receive federal funding.


Financial Integrity Act (FMFIA)

"SOX for the federal government" - requires executive agencies to establish and evaluate internal accounting and administrative controls.


FISMA

Establishes security objectives for information and information systems for federal agencies.


Government Paperwork Elimination Act

Requires the government, whenever possible, to use electronic forms and filings.


Gramm-Leach-Bliley Act (GLB)

Protects the financial information of consumers.


Help America Vote Act of 2002 (HAVA)

Sets requirements for US voting mechanisms and election data.


HIPAA

This privacy rule regulates the security and confidentiality of patient information.


Homeland Security Act of 2002

Created the Department of Homeland Security and established many data-related requirements.


NASD Rule 3110

Sets requirements for how members of the National Association of Securities Dealers (NASD) must control customer account information.


PCI Data Security Standard

A comprehensive set of requirements for enhancing payment account data security.


Sarbanes-Oxley Act of 2002

The Sarbanes-Oxley Act of 2002 introduced (among other provisions) sweeping reforms for how publicly traded organizations manage, protect, and report on financial data.


SEC Rule 17a-4

SEC rules 17a-3 and 17a-4 specify the type of data records for securities transactions to be created and maintained by broker-dealers.


The Patriot Act

The USA Patriot Act dramatically expanded the authority of U.S. law enforcement agencies for the stated purpose of fighting terrorism in the United States and abroad. It has many provisions, including ones that affect data and information and how it is used.


Title 21 Code of Federal Regulations (21 CFR Part 11)

Allows electronic records and electronic signatures to be kept in place of paper records and handwritten signatures.


Copyright 2004-2008 The Data Governance Institute, LLC. All Rights Reserved
The site is brought to you in partnership with the Business Intelligence Network