US Biometrics and Privacy Laws & Ordinances
Currently there are few, if any, laws within the USA that
directly address the use of biometric systems or the storage
of biometric templates. However, there are several privacy
laws that reference approved biometric methods and the systems
they are approved to protect. As this information changes,
we will update it and comment on the laws and regulations.
Overview of US Federal and State Privacy Laws
US Federal Privacy Laws Referencing Biometrics, Privacy and Recordkeeping:
HIPAA - Health Insurance Portability and Accountability Act 1996
As a part of this sweeping legislation enacted in
1996, the US Government introduced Privacy and Security
Rules regarding personal medical records and their
collection, transmission, storage and dissemination.
The Privacy and Security Rules enacted
through the HIPAA Regulation have caused major changes in
the way physicians and medical centers operate. While
respect for patient privacy was already informally
considered a cornerstone of medical professionalism, the
complex legalities and potentially stiff penalties
associated with HIPAA, as well as the increase in
paperwork and the cost of its implementation, were
causes for concern among physicians and medical centers.
Biometrics offers a unique way to identify and
time-stamp the authorized access to medical records in
compliance with the record keeping requirements of
HIPAA.
Sarbanes Oxley
The Sarbanes–Oxley Act of 2002 (Pub. L. No. 107-204,
116 Stat. 745, also known as the Public Company
Accounting Reform and Investor Protection Act of 2002
and commonly called SOX or SarbOx; July 30, 2002) is a
United States federal law passed in response to a number
of major corporate and accounting scandals including
those affecting Enron, Tyco International, and WorldCom
(now MCI). These scandals resulted in a decline of
public trust in accounting and reporting practices.
Named after sponsors Senator Paul Sarbanes (D–Md.) and
Representative Michael G. Oxley (R–Oh.), the Act was
approved by the House by a vote of 423-3 and by the
Senate 99-0. The legislation is wide ranging and
establishes new or enhanced standards for all U.S.
public company boards, management, and public accounting
firms. The Act contains 11 titles, or sections, ranging
from additional Corporate Board responsibilities to
criminal penalties, and requires the Securities and
Exchange Commission (SEC) to implement rulings on
requirements to comply with the new law. Some believe
the legislation was necessary and useful, others believe
it does more economic damage than it prevents, and yet
others observe how essentially modest the Act is
compared to the heavy rhetoric accompanying it.
The first and most important part of the Act
establishes a new quasi-public agency, the Public
Company Accounting Oversight Board, which is charged
with overseeing, regulating, inspecting, and
disciplining accounting firms in their roles as auditors
of public companies. The Act also covers issues such as
auditor independence, corporate governance and enhanced
financial disclosure.
Biometrics offers the ability to control access to
data and ensure compliance with the Act when properly
implemented, and provides best practices for firms that
are affected by the law.
Gramm-Leach-Bliley
Federal Data Privacy Law - Financial Institutions
Protecting the privacy of consumer information held by
"financial institutions" is at the heart of the
financial privacy provisions of the Gramm-Leach-Bliley
Financial Modernization Act of 1999. The GLB Act
requires companies to give consumers privacy notices
that explain the institutions' information-sharing
practices. In turn, consumers have the right to limit
some - but not all - sharing of their information.
Biometric technology utilizing multi-factor
authentication can form the basis for a sound GLB
compliance solution.
Here's a brief look at the basic financial privacy
requirements of the law.