Editor's note: This is a sidebar for " Protect Your Portable Data - Always and Everywhere ."
CPAs should understand their ethical, legal and regulatory responsibilities to safeguard data. The following listings direct you to primary sources:
LAWS, REGULATIONS
Federal laws
- Federal Trade Commission, Gramm-Leach-Bliley Act, Disclosure of Nonpublic Personal Information, tinyurl.com/8k3e6
- Department of Commerce, National Institute of Standards and Technology, Federal Information Processing Standards (FIPS), csrc.nist.gov/publications/PubsFIPS.html
- Department of Education, Family Educational Rights and Privacy Act (FERPA), tinyurl.com/3ydvw
- Department of Health and Human Services, Office for Civil Rights, Health Insurance Portability and Accountability Act (HIPAA), www.hhs.gov/ocr/hipaa
State and local laws
- AICPA tally of states and territories that have enacted legislation governing data security breaches, tinyurl.com/bdy9wq. At this writing, 44 states, the District of Columbia, Puerto Rico and the U.S. Virgin Islands had done so.
RESOURCES
Federal Trade Commission (FTC).
The
FTC’s information for businesses can help you enhance compliance with the law. Also, see
regulatory guidance and law enforcement information from the FTC’s
Bureau of Consumer Protection, as well as a catalog of cases
brought by the agency and a list of all Commission actions (http://www.ftc.gov/bcp/resources.shtml).
Other useful FTC publications include:
- Protecting Personal Information: A Guide for Business , www.ftc.gov/infosecurity
- How to Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act , tinyurl.com/dx4ogc
- In Brief: The Financial Privacy Requirements of the Gramm-Leach-Bliley Act , tinyurl.com/cgvsqk
Privacy
Rights Clearinghouse.
Practical
information on privacy violations and other issues related to data
security breaches, www.privacyrights.org
