The 2010 report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information Security Management Act (FISMA), Office of Management and Budget (OMB) Guidance, the Veterans Affairs Information Security Act, the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act, the Gramm-Leach-Bliley Act (GLBA), the Federal Trade Commission (FTC) Act, and the Fair Credit Reporting Act. Also included in this report is a brief summary of the Payment Card Industry Data Security Standard (PCI DSS).
Information security laws are designed to protect personally identifiable information from compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or other situations where unauthorized persons have access or potential access to such information for unauthorized purposes. Data breach notification laws typically require covered entities to implement a breach notification policy, and include requirements for incident reporting and handling and external breach notification.
The 2007 Congressional Research Service report analyzes the Privacy Act, the Federal Information Security
Management Act, Office of Management and Budget Guidance, the Veterans Affairs Information Security Act, the Health Insurance Portability and Accountability Act, and the Gramm-Leach-Bliley Act. This report will be updated.