Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll
Start a free Courses trial
to watch this video
When dealing with certain kinds of sensitive data, the word “compliance” tends to pop up. Compliance revolves around standards put in place by governments and organizations around the world that limit the things you can do with certain types of data you might use on your site.
Further Reading
-
PCI Compliance Guide
- PCI Security Standards: Maintaining Secure Payment
- HIPAA: Summary of the HIPAA Security Rule
- HIPAA: US Department of Health and Human Services: Health Information Privacy
- COPPA: FTC: Children's Online Privacy Protection Rule
- GDPR: General Data Protection Regulation
-
EUGDPR: European Union GDPR Portal
When dealing with certain kinds of sensitive data, 0:00 the word compliance tends to pop up. 0:03 Compliance revolves around standards put in place by governments and 0:06 organizations around the world 0:10 that limit the things that you're allowed to do with certain types of data. 0:13 We're not going to dive into these compliance issues in-depth, but you should 0:18 be aware of them when you work with any application that deals with customer data. 0:22 If you are ever concerned about compliance or 0:27 the handling of customer data, you should always consult with legal counsel. 0:30 Briefly, let's go over the main forms of compliance that you may encounter. 0:36 PCI stands for Payment Card Industry Data Security Standard, and 0:41 concerns the handling of credit card information and payment information. 0:46 If you handle credit card or debit card information, then you need to be concerned 0:51 with how you handle this data, including its storage, processing, and transmission. 0:56 HIPAA, the Health Insurance Portability and Accountability Act of 1:02 1996 is a US legislation that provides data privacy and 1:08 security provisions for safeguarding medical information. 1:12 COPPA is a Children's Online Privacy Protection rule, and 1:17 imposes certain requirements on websites and 1:21 online services directed to children under 13 years of age. 1:25 This affects all online services that knowingly collect personal 1:30 information from a child under 13 years of age. 1:34 GDPR, the General Data Protection Regulation, 1:38 was put forth by the European Union to strengthen and 1:42 unify data protection for all individuals within the European Union. 1:45 You can learn more about each of these guidelines through the resources in 1:52 the teacher's notes. 1:55 These compliance guidelines are a minimum requirement and 1:57 should not be used to determine if your application is actually secure. 2:00 You could be meeting these guidelines while still having an application 2:05 with security vulnerabilities. 2:09 Compliance is a complicated subject, and many other regulations exist. 2:11 Though the ones we have just discussed are the ones you're most likely to encounter. 2:17
You need to sign up for Treehouse in order to download course files.
Sign up