Every organization has its own security needs when it comes to handling sensitive information, from complying with privacy and data protection regulations and standards such as HIPAA, SOX, GLBA and FISMA in the U.S. and the PCI DSS, to meeting the security demands of partners, suppliers and customers.

Blue Karma Security is the expert in recommending best-in-class solutions that help you comply and protect you against these costly violations.


The Federal Financial Institutions Examination Council (FFIEC) is a formal U.S. government interagency body that includes five banking regulators—the Federal Reserve Board of Governors (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB). It is […]


The California Consumer Privacy Act will give you important new consumer privacy rights to take back control of your personal information, including: the right to know ALL data a business has collected about you, twice a year, free of charge; the right to say NO to the sale of your information; and, under information security, the right to sue companies that collected your data, […]


What is the EU General Data Protection Regulation (GDPR)? The GDPR is a regulation of the European Union. It was four years in the making and was approved by the European Parliament on April 14, 2016. It replaces its predecessor, the Data Protection Directive 95/46/EC, which was adopted in 1995, and has applied across the EU since May 25, 2018. The GDPR aims to regulate the processing of personal […]


HIPAA is the acronym for the Health Insurance Portability and Accountability Act, which was passed by Congress in 1996. HIPAA does the following: the HIPAA Privacy and Security Rules require health care providers and organizations, as well as their business associates, to develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when […]


The Sarbanes-Oxley Act (SOX) was enacted in 2002 to hold publicly traded companies accountable through internal checks and balances and procedures that reduce the possibility of corporate fraud. Section 802 of the Act makes it a crime to alter or destroy records to obstruct a federal investigation and requires that records relevant to an audit or review, including electronic records and electronic messages, be retained for “not less than five years” (the SEC rules implementing it extend audit workpaper retention to seven years).


The Payment Card Industry Security Standards Council, or PCI SSC – often termed simply “the Council” – is an open global forum, launched in 2006, that develops, maintains and manages the PCI Security Standards, which include the Data Security Standard (DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) Requirements. Our standards […]


FISMA is a U.S. federal law enacted in 2002 as Title III of the E-Government Act of 2002 and updated by the Federal Information Security Modernization Act of 2014. The act recognizes the importance of information security to the economic and national security interests of the United States. It mandates that all federal agencies develop, document, and implement an agency-wide program to secure the information and information systems […]


The Gramm-Leach-Bliley Act (GLBA) was enacted in 1999 and includes the Financial Privacy Rule, which governs the collection and disclosure of customers’ personal financial information by financial institutions, and the Safeguards Rule, which requires those institutions to maintain a written information security program protecting that information. The Financial Privacy Rule also applies to companies that may not be financial institutions but receive the same customer information. Whether a financial institution discloses nonpublic information or not, […]


The North American Electric Reliability Corporation (NERC) is a nonprofit corporation based in Atlanta, Georgia, and formed on March 28, 2006, as the successor to the National Electric Reliability Council (also known as NERC). The original NERC was formed on June 1, 1968, by the electric utility industry to promote the reliability and adequacy of […]