We talk a lot about complying with regulations here at Coviant Software, and about how using our award-winning Diplomat MFT secure managed file transfer software can play an important role in information security and data privacy compliance programs. That’s because Diplomat MFT tackles tasks essential to compliance by automating processes like file encryption using OpenPGP, supporting encrypted transport protocols like SFTP and FTPS, and documenting every step of the process for auditability (without auditability, there is no compliance). Often those conversations focus on the big standards and regulations that dominate such discussions. Regulations like HIPAA-HITECH and PCI-DSS get a lot of our attention, and we even talk about niche standards like HRSA 340B, or organizational standards like JP Morgan’s cryptographic standard or Wayfair’s EDI standard.
But there are a lot more data security and privacy standards out there and, depending on your industry or geographic location, there’s a good chance you’ve got many laws you’ll need to follow to avoid falling afoul of regulating authorities. We thought it might be worthwhile to offer a list of regulations and links to useful resources. This is far from an exhaustive list, but it is a good start, and it is illustrative of the huge and complex task that is regulatory compliance.
Many Regulations at Home and Abroad
Here in the U.S. there are more than 50 different privacy and data protection regimes creating and enforcing laws when you consider all the state and federal agencies involved. The International Association of Privacy Professionals (IAPP) does a good job following those regimes and the changes that take place; the IAPP maintains separate state and federal legislation trackers for this purpose.
Elsewhere around the world governments are busy creating new and updating old laws. Here are some that are worth noting.
- General Personal Data Protection Act (LGPD), Brazil
- Personal Information Protection and Electronic Documents Act (PIPEDA), Canada
- Consumer Privacy Protection Act (CPPA), Canada
- General Data Protection Regulation (GDPR), European Union
- Digital Operations Resilience Act (DORA), European Union
- Act on the Protection of Personal Information (APPI), Japan
- Financial Instruments and Exchange Law (J-SOX), Japan
- Privacy Act of 2020, New Zealand
- Personal Information Protection Law (PIPL), People’s Republic of China
- Cybersecurity Law (CSL), People’s Republic of China
- Outbound Data Transfer Security Assessment, People’s Republic of China
- Protection of Personal Information Act (POPIA), South Africa
- New Federal Act on Data Protection (nFADP), Switzerland
- Data Protection Act (DPA), UK
Resources for Learning More
Here are a few more resources for discovering and learning about privacy and data protection laws around the world:
- United Nations Conference on Trade and Development (UNCTAD)
- DLA Piper’s Data Protection Laws of the World
- Thales Group’s Data Protection Around the World
When it comes to understanding and following any combination of privacy and data protection regulations, we suggest contracting with reputable legal counsel and a proven consultant on these matters. When developing your own compliance program, it’s best to know which specific laws apply to your current business model, as well as whether plans for growth may affect future compliance needs. Data transfers that cross international boundaries require special attention, so they should be addressed explicitly in that program as well.
Choose the Right Tech
Of course, choosing the right technologies helps with compliance. Our customers rely on Diplomat MFT to help them send, receive, host, and retrieve data in accordance with whatever regulations they must follow. Diplomat MFT was designed to do what is needed to securely transfer data simply, efficiently, reliably, and automatically. We do it at whatever scale and frequency you need, and we offer Diplomat MFT at an honest, ethical price. Want to know more? Contact us for answers or to schedule a demonstration.