Risk and Compliance

Maintain the safety and security of private consumer information.

Safeguard your company against the stiff fines and other penalties that can result from non-compliance with the federal regulations described below — not to mention the damage to your company’s reputation if private information in your safekeeping is lost or stolen.

Regulatory Acts

Health Insurance Portability and Accountability Act (HIPAA)

Established by the Department of Health and Human Services, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted to protect health insurance coverage for workers and their families. HIPAA Title II, known as the Administrative Simplification (AS) Provisions, establishes national standards for electronic healthcare transactions and national identifiers for providers, health insurance plans, and employers. The AS Provisions also stipulate rules and regulations for protecting the privacy of protected health information (PHI).

Any entity that has access to protected health information is governed by HIPAA. This includes all medical facilities, human resource departments, health insurance agencies, and insurance agencies issuing policies that require physical exams and completion of personal health questionnaires.

Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) governs organizations that accept payment through card transactions. Increasing credit and debit card fraud has spurred this multi-faceted standard, and non-compliance can mean stiff fines and prohibition from handling cardholder data. The standard requires implementation of a comprehensive security program that proactively protects customer account information.

National Credit Union Administration (NCUA)

The National Credit Union Administration (NCUA) requires that credit unions have an appropriate information security platform that controls identified risks to sensitive information. Credit unions that do not comply with this NCUA requirement are forced to disclose breaches to consumers and regulators.

Gramm–Leach–Bliley Act (GLBA)

The Gramm–Leach–Bliley Act (GLBA), also widely known as the Financial Services Modernization Act of 1999, has had a significant impact on financial institutions. The Act applies strict government mandates, particularly concerning the collection and disclosure of consumers’ personal financial information. Among these mandates is the requirement that financial institutions have security policies and systems in place to safeguard information.

GLBA applies to financial institutions that collect information directly from customers and to institutions that obtain information from other financial institutions. Financial institutions include banks, insurance companies, securities companies, credit-rating agencies, mortgage brokers, and real estate appraisers—basically any organization that offers financial products or services.


Contact Our Experts
Let us design a solution custom-tailored to meet your needs.