Laws governing collection of sensitive data

         

wireweb

6:41 pm on Apr 27, 2010 (gmt 0)

10+ Year Member



Anyone know of a good resource for current state and federal laws regarding the collection of sensitive information?

I have an insurance agency client who wants to start putting online applications for various types of insurance: car, health, bonding, etc. In some cases, the info is generic private info, in others we need SSNs, and then for Health applications, there's a whole range of other considerations.

Aside from just installing SSL, I'm sure there are laws that govern how you collect that data, how you process it, and how you store it.

Is there a good resource guide with the best practices for this kind of thing, including laws specifically targeted at niche industries, like health?

Thanks,

Greg.

bill

2:15 am on Apr 28, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Welcome to WebmasterWorld, wireweb.

We're an international bunch here. You might want to specify which country you're referring to. If you can read Japanese I could probably get you some local links from my area.

wireweb

6:16 am on Apr 28, 2010 (gmt 0)

10+ Year Member



Sorry, I'm in the U.S., Oregon.

rocknbil

5:58 pm on Apr 28, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hey welcome aboard neighbor! Southern part of the state here . . .

Anything that remotely touches health info: start with a search for HIPAA compliance.

Although it's not related to credit card info, research on PCI compliance will reveal best practices for managing information securely. Identity info is way more serious than CC info.

Last, it's not just the management of it, it's the destruction of it as well. I heard crickets in the following thread, but I attend regular networking meetings and there are several companies - right here in Oregon - already being fined for improper management of sensitive document destruction. This is going to be a **big deal** from corporations down to small business owners, and everyone seems to be ignoring it. Red Flags Ruling and You [webmasterworld.com].

tangor

7:29 pm on Apr 28, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



@rocknbil: I, too, heard the crickets for that slammin' post, but also see something similar about to happen here in Texas. Management and security of personal data is a big thing most of the time, but seems to be getting bigger day by day. You'll want to follow up on Federal limitations/requirements, particularly if you collect SSNs.