CHAPTER 5 Regulatory Requirements
- 5.1 Frameworks
- 5.2 Regulations
- 5.2.1 GDPR
- 5.2.2 HIPAA Security Rule Subpart C
- 5.2.3 PCI DSS V3.2 Payment Card Industry Requirements
- 5.2.4 Sarbanes–Oxley
- 5.2.5 Saudi Arabian Monetary Authority Payment Services Regulations
- 5.2.6 New York State Cybersecurity Requirements of Financial Services Companies 23 NYCRR 500
- 5.2.7 Philippines Data Privacy Act 2012
- 5.2.8 Singapore Personal Data Protection Act 2012
- 5.2.9 Gramm–Leach–Bliley Act
- 5.3 Standards
- 5.4 Summary
Four separate regimes bear on data sanitization. Three of them drive the need for it: data retention requirements, data privacy regulations, and IT security frameworks all call for data sanitization. The fourth, environmental, social, and governance (ESG) requirements, is facilitated by it: ESG calls for reuse of electronic components to reduce waste, and a storage component can only be reused once the data on it has been sanitized. Regulations exist to codify requirements that are often set forth in standards. In this chapter, we introduce the main regulations, frameworks, and standards that touch on data sanitization, data protection, and privacy.
5.1 Frameworks
A data security framework is a structured list, almost an outline or a matrix, of measures to be applied to a problem. ISO/IEC 27001, together with its companion controls catalogue ISO/IEC 27002, is such an outline, with sections devoted to all aspects of an information security management system. The NIST Cybersecurity Framework is built ...