Kris Hunt

Partner and Cofounder, Hard Right Solutions

Today, there are infinite data points capturing all our individual purchasing behaviors, browsing histories, driving routes, contact information, fingerprints, scholastic records, legal matters, home/car purchases, medical histories, and so on. People with little to no exposure to analytics or databases may think that there are controls in place to protect this data given the outrage related to recent data breaches. The truth of the matter is that there are very few required safeguards in place.

There are two prominent federal data laws in the United States:

• In the area of financial data compliance, the Sarbanes-Oxley Act (SOX) of 2002 is a federal law that established sweeping auditing and financial regulations for public companies. Lawmakers created the legislation to help protect shareholders, employees, and the public from accounting errors and fraudulent financial practices.

• In the area of medical data confidentiality, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides data privacy and security provisions for safeguarding medical information.

When it comes to other sensitive data such as credit card information, there are no federal or state laws that make having this information stored in an office illegal; however, doing so can put you at odds ...