There is a complex and daunting set of regulations that an SME/SMB owner must manage and abide by to maintain regulatory compliance. The number of data security regulations has exploded in the past decade. These regulations include the Basel II Accord, the Health Insurance Portability and Accountability Act (also known as HIPAA), the Sarbanes-Oxley Act of 2002, the Gramm-Leach-Bliley Act (known as the GLBA), and California Senate Bill 1386. Each of these regulatory frameworks dictates how you must run some aspect of your SME/SMB.
The Basel II Accord was adopted in 2004 to maintain an international standard that helps banking regulators create new regulations regarding the amount of reserves banks must hold to ensure their stability in times of financial crisis. It also created new standards for the protection of personal financial information.
HIPAA was instituted by the United States Congress in 1996 to ensure that workers can maintain their health insurance coverage when they change or lose their jobs. However, the Administrative Simplification portion of the act also creates a regulatory framework for the safety and security of personal health data; if your company deals in any way with personal health information, you must comply.
The Sarbanes-Oxley Act is a far-reaching piece of accounting regulation passed in 2002 in the wake of the Enron and WorldCom scandals. Business professionals often refer to its rules as SOX or Sarbox. The act created new standards for all publicly traded or held companies in the United States to ensure accountability and truthfulness in accounting and financial records. A 2004 study by the law firm Foley and Lardner showed that compliance with Sarbanes-Oxley can increase the cost of being a publicly held company by as much as one hundred and thirty percent.
The GLBA was passed in 1999 and repealed the Glass-Steagall Act, thereby opening up competition between insurance companies, banks, and securities companies and creating the modern financial services industry. The GLBA requires financial institutions to develop a written plan for the protection of customers' personal, non-public data, and it outlines a number of elements that the written plan must contain.
California Senate Bill 1386 was passed on July 1, 2003, and regulates the security of personal information for all businesses operating in the state of California. California is the seventh largest economy in the world, so compliance with this bill is essential for most SME/SMB owners. If your company meets the five-pronged test that determines whether it must comply, you must notify any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
Compliance with these regulations will ensure that your SME/SMB can continue to operate without interruption from regulatory agencies. Make sure to research any state or local regulations that may apply to your business as well to keep your SME/SMB running smoothly.