Industry-specific regulations and standards
1. Industry-specific regulations and standards
Just like a real cloud in the sky, the cloud that stores data is all over the world. With the widespread use of cloud technology in almost every industry and sector, laws and regulations have been developed and updated to help ensure that data in the cloud is safe, and that users are protected. In previous videos, we discussed how frameworks are tools that can help you follow the regulations or laws for your industry. In this video we’ll discuss some of these common laws and regulations like FedRAMP, HIPAA, GDPR, and CPRA. It’s important to call out our discussion in this course should not be considered legal advice. The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a consistent approach to security assessment, authorization, and continuous monitoring for cloud products and services in the United States. FedRAMP’s purpose is to ensure compliance of third-party cloud services for government users handling sensitive data. All federal government agencies and non-federal government organizations providing services to the federal government in the United States are able to leverage the additional security provided by FedRAMP, and some agencies or organizations may be required to use FedRAMP-authorized cloud services if they are handling particularly sensitive data like Personally Identifiable Information, or PII, and Protected Health Information, or PHI. Another important law is the Health Insurance Portability and Accountability Act, or HIPAA, a US federal law for healthcare organizations. HIPAA includes rules that address the use of standardized electronic insurance transactions, privacy, and security. The Privacy Rule focuses on the use and sharing of all PHI, by what are known as “covered entities.” Covered entities include healthcare providers, healthcare plans, healthcare clearinghouses and their healthcare business associates. The Security Rule protects a subset of information covered by the Privacy Rule. This subset is all identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form only. This information is called electronic protected health information, or ePHI. The General Data Protection Regulation, or GDPR, includes regulations that protect personal data and privacy of the residents of the European Union, or EU. All member states of the EU, and international organizations handling EU resident data, are obliged to follow the regulations set out by the GDPR. These regulations consist of a broad set of rules that require businesses to protect the personal data and privacy of EU residents for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU. The California Privacy Rights Act, or CPRA, is a consumer privacy law in the state of California intended to protect consumers. It enables consumers to know about, delete, or opt out of personal data that is gathered. There are a lot of laws and regulations to be mindful of, and they might seem ethereal like clouds in the sky, but they’re important and useful measures that protect users and businesses. As a cloud security professional, you’ll need to stay up-to-date with the laws and regulations for your industry and your geography’s governing bodies.2. Let's practice!
Create Your Free Account
or
By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.