
Relate well-known compliance laws to real-world applications.


Question

Relate well-known compliance laws to real-world applications.

Assignment Requirements

Given the following list of U.S. compliance laws, choose three laws and write a summary report describing their real-world implementations in the public or private sector.

Children’s Internet Protection Act (CIPA)

Family Educational Rights and Privacy Act (FERPA)

Federal Information Security Modernization Act (FISMA)

Gramm-Leach-Bliley Act (GLBA)

Health Insurance Portability and Accountability Act (HIPAA)

Sarbanes-Oxley (SOX) Act

Explanation / Answer

Q1) choose three laws and write a summary report describing their real-world implementations in the public or private sector

1. Health Insurance Portability and Accountability Act (HIPAA) - The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires employers to protect employee medical records as confidential. HIPAA includes regulations that cover how employers must protect employees’ medical privacy rights and the privacy of their health information.

In general, the HIPAA Privacy Rule provides federal protection for personal health information that is held by covered entities. HIPAA gives patients rights with respect to their personal health-related information. But the HIPAA Privacy Rule also permits the disclosure of personal health information that is needed for patient care and other important purposes.

HIPAA, additionally, requires that employer-sponsored health plans are portable and non-discriminatory, but HIPAA does not require an employer to offer an employee health care plan. HIPAA covers the electronic disclosure of employees’ medical information. HIPAA also requires employers to cover employees’ and their dependents’ pre-existing health conditions under certain circumstances.

Additional Employer Responsibilities Under HIPAA :-

2. Gramm-Leach-Bliley Act - The Gramm-Leach-Bliley Act of 1999 (GLBA) was a bi-partisan regulation under President Bill Clinton, passed by Congress on November 12, 1999. The GLBA was an attempt to update and modernize the financial industry. The GLBA is most well-known as the repeal of the Glass-Steagall Act of 1933, which stated that commercial banks were not allowed to offer financial services, like investments and insurance-related services, as part of normal operations.

GLBA was passed on the heels of commercial bank Citicorp’s merger with the insurance firm Travelers Group. This led to the formation of the conglomerate Citigroup, which offered not only commercial banking and insurance services, but also lines of business related to securities. Its brands at this stage included Citibank, Smith Barney, Primerica, and Travelers. Citicorp’s merger was a violation of the then-existing Glass–Steagall Act, as well as the Bank Holding Company Act of 1956.

To allow the merger to take place, the U.S. Federal Reserve gave Citigroup a temporary waiver in September 1998—a precursor to Congress’s passage of GLBA. Moving forward, other similar mergers would be fully legal. Repealing Glass–Steagall also removed the ban of “simultaneous service by any officer, director, or employee of a securities firm as an officer, director, or employee of any member bank.”

The Gramm-Leach-Bliley Act and Consumer Privacy - The Gramm-Leach-Bliley Act also required financial institutions offering consumers loan services, financial or investment advice, and/or insurance, to fully explain their information-sharing practices to their customers. Firms must allow their customers the option to "opt-out" if they do not want their sensitive information shared. While many consider critical information, such as bank balances and account numbers, to be confidential, in reality this data is consistently bought and sold by banks, credit card companies, and others. Gramm-Leach-Bliley required limited privacy protections against such personal data sales, along with pretexting (obtaining personal information through false pretenses).


3. Family Educational Rights and Privacy Act (FERPA) - The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

FERPA gives parents certain rights with respect to their children's education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are "eligible students."

Parents or eligible students have the right to inspect and review the student's education records maintained by the school. Schools are not required to provide copies of records unless, for reasons such as great distance, it is impossible for parents or eligible students to review the records. Schools may charge a fee for copies.

Parents or eligible students have the right to request that a school correct records which they believe to be inaccurate or misleading. If the school decides not to amend the record, the parent or eligible student then has the right to a formal hearing. After the hearing, if the school still decides not to amend the record, the parent or eligible student has the right to place a statement with the record setting forth his or her view about the contested information.

Generally, schools must have written permission from the parent or eligible student in order to release any information from a student's education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31):

Schools may disclose, without consent, "directory" information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must tell parents and eligible students about directory information and allow parents and eligible students a reasonable amount of time to request that the school not disclose directory information about them. Schools must notify parents and eligible students annually of their rights under FERPA. The actual means of notification (special letter, inclusion in a PTA bulletin, student handbook, or newspaper article) is left to the discretion of each school.

Please let me know in case of any clarifications required. Thanks!