Data Protection Laws

Introduction

Do your website’s forms follow the data protection laws? Are they secure for users, and do they follow the rules? Forms need to be PII, HIPAA, FERPA, and PCI compliant so that users’ sensitive information is protected and you avoid the consequences of a breach. I will explain these data protection laws and the consequences if you do not follow them.


PII

PII, or Personally Identifiable Information, refers to data that can be used to identify a person. Things like phone numbers, names, email addresses, financial information, and genetic information must be protected. There are always scammers and hackers trying to breach this information, and PII protection is meant to guard against just that. To become PII compliant you need to follow a checklist:

  • Discover, Identify & Classify PII
  • Create a PII Policy
  • Implement Data Security
  • Practice IAM
  • Monitor + Respond
  • Assess Regularly
  • Keep Your Privacy Policy Updated
Data Protection Laws
Photo by AbsolutVision on Unsplash

HIPAA

HIPAA, or the Health Insurance Portability and Accountability Act, is meant to protect patients’ health information. Any company dealing with health information must have a secure physical network. Anyone with access to a patient’s data must also follow HIPAA compliance. You must follow HIPAA compliance if you are dealing with any kind of health information. To become HIPAA compliant you need to follow a checklist:

  • Designate a privacy officer
  • Develop and implement written policies and procedures
  • Provide training to workforce members
  • Obtain patient consent for certain disclosures
  • Maintain appropriate safeguards for protected health information (PHI)
  • Implement a system for reviewing and verifying requests for PHI
  • Respond to patient requests for access to PHI
  • Notify patients in the event of a breach of unsecured PHI
  • Assign unique identifiers to individuals and groups
  • Establish protocols for disclosing PHI to business associates and other third parties

FERPA

FERPA, or the Family Educational Rights and Privacy Act, is meant to protect student education records. It applies to educational institutions that are funded by the U.S. Department of Education. FERPA protects students’ sensitive information and grades. Parents and students should still be able to access grades, but they need to be protected from everyone else. To become FERPA compliant you need to follow a checklist:

  • Annual Notification 
  • Right of Inspection and Review 
  • Fees 
  • Right to Amend Records 
  • Right to Hearing 
  • Prior Consent 
  • Recordkeeping

PCI

PCI, or Payment Card Industry compliance, is meant to protect financial information. When you make online payments or give information to credit card companies, they need to keep your financial information safe. This is how we keep transfers and transactions safe and secure. Without PCI compliance, companies are big targets for theft, fraud, and data breaches. To become PCI compliant you need to follow a checklist:

  • Implement firewalls to protect data
  • Appropriate password protection (such as 2FA)
  • Protect cardholder data
  • Encryption of transmitted cardholder data
  • Utilize antivirus and anti-malware software
  • Update software and maintain security systems on a regular basis
  • Restrict access to cardholder data
  • Unique IDs assigned to those with access to data
  • Restrict physical access to data storage
  • Create and monitor access logs
  • Test security systems on a regular basis
  • Create a policy that is documented and that can be followed

Consequences of not following Data Protection Laws

If you decide not to follow data protection laws, you are obviously breaking the law. Breaking the law comes with hefty consequences, which can include lawsuits, fines, criminal liability, implementation changes, and loss of reputation. If something small happens you may be issued a warning. So make sure you implement and constantly update these compliance measures to stay out of trouble.


Conclusion

In conclusion, PII, HIPAA, FERPA, and PCI compliance are all data protection laws that should be followed to protect users’ sensitive information. Failure to do so can result in fines, lawsuits, criminal liability, and much more. Web developers and designers must make sure forms meet these guidelines and keep them secure. All this will prevent data breaches, theft, and fraud, keeping your users safe and your reputation intact. If you want to learn how to protect your website, look at my website security trends blog!

