When dealing with certain kinds of sensitive data, the word “compliance” tends to pop up. Compliance revolves around standards put in place by governments and organizations around the world that limit the things you can do with certain types of data you might use on your site.
Further Reading
- PCI Compliance Guide
- PCI Security Standards: Maintaining Secure Payment
- HIPAA: Summary of the HIPAA Security Rule
- HIPAA: US Department of Health and Human Services: Health Information Privacy
- COPPA: FTC: Children's Online Privacy Protection Rule
- GDPR: General Data Protection Regulation
- EUGDPR: European Union GDPR Portal
When dealing with certain kinds of sensitive data, the word compliance tends to pop up. Compliance revolves around standards put in place by governments and organizations around the world that limit the things that you're allowed to do with certain types of data.

We're not going to dive into these compliance issues in depth, but you should be aware of them when you work with any application that deals with customer data. If you are ever concerned about compliance or the handling of customer data, you should always consult with legal counsel.

Briefly, let's go over the main forms of compliance that you may encounter.

PCI stands for Payment Card Industry Data Security Standard, and concerns the handling of credit card information and payment information. If you handle credit card or debit card information, then you need to be concerned with how you handle this data, including its storage, processing, and transmission.

HIPAA, the Health Insurance Portability and Accountability Act of 1996, is US legislation that provides data privacy and security provisions for safeguarding medical information.

COPPA is the Children's Online Privacy Protection rule, and imposes certain requirements on websites and online services directed to children under 13 years of age. This affects all online services that knowingly collect personal information from a child under 13 years of age.

GDPR, the General Data Protection Regulation, was put forth by the European Union to strengthen and unify data protection for all individuals within the European Union.

You can learn more about each of these guidelines through the resources in the teacher's notes.

These compliance guidelines are a minimum requirement and should not be used to determine if your application is actually secure. You could be meeting these guidelines while still having an application with security vulnerabilities.

Compliance is a complicated subject, and many other regulations exist, though the ones we have just discussed are the ones you're most likely to encounter.