58 Copyright Goodheart-Willcox Co., Inc.

Section 2.3 Legal Requirements

As you plan security measures, it is important to understand that a business can set its own policies, which the information technology department and management team put into place. These security measures are optional. Every company can set policies, such as how long a password must be or what data users can access, and decide levels of permissions for users. However, there are some laws that you may have to follow. Doing so is not optional. Some laws are generic in nature and apply to all systems. Some laws apply only to certain types of businesses. Failure to abide by laws could result in criminal or civil penalties. The business may also lose the ability to provide a service, such as processing credit cards.

When should governmental regulation be applied to digital security?

Key Terms
compliance
Computer Fraud and Abuse Act (CFAA)
Electronic Communication Privacy Act (ECPA)
electronic health record (EHR)
Gramm-Leach-Bliley Act (GLBA)
Health Insurance Portability and Accounting Act (HIPAA)
Payment Card Industry Data Security Standard (PCI DSS)
protected health information (PHI)
Sarbanes-Oxley Act (SOX)

Learning Goals
Define compliance.
Identify laws and standards related to digital security.

Compliance

When the requirement is a legal or regulatory directive, you are responsible for ensuring compliance with the terms. Compliance means you are following the rules or standards that have been established. Since technology is key to data storage and access, many laws have been established to ensure that data and privacy are protected. While most of the laws are enacted at a federal level, states may also have their own laws. Companies that work with other businesses or customers