Attached is the complete course paper instructions, but the research paper is divided among team so my part is the below one:
The Policy Statements must be a comprehensive body. Do not omit the discussion of laws that may apply to your business. This means that you must understand what your business does, and its privacy implications. Every company has employees, so employees’ privacy must be addressed. While it is debatable, I have discussed that any HRIS, or a company’s personnel records kept otherwise, has the propensity to contain medical information that we now know to refer to as “PHI.” Thus, you should have some policy that governs handling those data vis-à-vis privacy.
We will explain some of the following laws applicable to Financial Institution:
Payment Card Industry Data Security Standard (PCI-DSS)
Sarbanes-Oxley Act (SOX)
