HC Datapro Case Analysis


HC DataPro is a for-profit electronic payment processing company. It serves more than 5 million merchants and 1,700 card issuers in over 30 countries. It provides services such as credit card payment processing, fraud protection, authentication, check guarantee, electronic bill payment management and point-of-sale services. For the sake of this project we will assume that HC DataPro processes payments for a wide variety of industries and therefore must be compliant with certain security laws governing financial institutions and other industries. As for the state law portion of this project, we are going to assume the company has locations in multiple states and does business in every state, and is thus subject to the laws of each of those states.
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Industry Application- This law applies to the healthcare industry and to financial institutions that process payments for healthcare services.
Summary- HIPAA is a federal law that is aimed at protecting the individually identifiable health information of patients in the United States. The main components of this law pertain to the privacy of the information, the security of the information, as well as the rules regarding breach notifications. (Grama, 2011)
3. Fair and Accurate Credit Transaction Act of 2003 (FACTA)
Industry Application- This law applies to the financial industry.
Summary- FACTA was established by Congress in 2003 to help ensure that financial institutions play a vital role in protecting consumers from identity theft by identifying and responding to possible cases of identity theft. The law required the Fed, the FDIC, the FTC, and other U.S. financial regulatory agencies to work together to identify these cases, so together they issued the Identity Theft Red Flags Rule, which means that financial institutions must try to identify any patterns or activities that could be cases of identity misuse. (CSO, 2012)
4. Payment Card Industry Data Security Standard (PCI DSS)
This includes the disposal of physical hard drives that at one time held PII. This bill includes definitions of PII, penalties for non-compliance, who must comply, and also the proper or accepted methods of disposal. (Trafimow, 2008)
3. Nev. Rev. Stat. § 597.970 (2005)
Industry Application- Businesses and card payment companies
Summary- This law has two parts. First, it requires any business that operates within the state to encrypt all personal information before it is transmitted outside of the business's network; it includes encryption requirements and lists those that must comply with both parts. Second, it strengthens payment card laws by requiring compliance with the PCI DSS standard. This is aimed at helping to protect the consumer's personally identifiable information. (Grama, 2011)
4. Massachusetts 201 CMR 17.00
Industry Application- Multi-industry. Any company that collects information from customers or residents of Massachusetts is subject to this