Glossary

U

A B C D E F G H I L M N O P R S U V W

U.S. Anti-Money Laundering (AML) Act

Description: Legislation aimed at preventing money laundering activities through financial institutions.
Enacted and Enforced: Enacted in 2020; enforced by the Financial Crimes Enforcement Network (FinCEN).
Impacts Data Types: Financial transactions, customer identification data.
Examples: Customer due diligence, suspicious activity reporting.
Potential Fines: Fines up to $1 million per violation; criminal penalties may apply.

U.S. Controlled Unclassified Information (CUI)

Description: Information that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and government-wide policies.
Enacted and Enforced: Established by Executive Order 13556 in 2010; enforced by NARA.
Impacts Data Types: Sensitive but unclassified government information.
Examples: Privacy information, proprietary business information.
Potential Fines: Non-compliance can lead to contract termination and penalties per agency regulations.

U.S. Criminal Justice Information System (CJIS)

Description: A system that manages criminal justice information and enforces security policies for data access and sharing.
Enacted and Enforced: Managed by the FBI; policies updated regularly.
Impacts Data Types: Criminal records, fingerprint data, investigation reports.
Examples: Background checks, law enforcement data sharing.
Potential Fines: Violations can result in loss of access and legal penalties.

U.S. Drug Enforcement Agency (DEA) Number

Description: Unique identifier assigned to healthcare providers authorized to prescribe controlled substances.
Enacted and Enforced: Issued by the DEA under the Controlled Substances Act.
Impacts Data Types: Prescription records, provider identification.
Examples: Controlled substance prescriptions, provider verification.
Potential Fines: Penalties for misuse include fines and license revocation.

U.S. Export Administration Regulations (EAR)

Description: Regulations controlling the export of dual-use goods, software, and technology.
Enacted and Enforced: Administered by the Bureau of Industry and Security (BIS).
Impacts Data Types: Export documentation, product classifications.
Examples: Export licenses, compliance reports.
Potential Fines: Civil and criminal penalties, including fines up to $1 million per violation.

U.S. Export Controlled Information

Description: Information subject to export control laws restricting its dissemination outside the U.S.
Enacted and Enforced: Governed by EAR and International Traffic in Arms Regulations (ITAR).
Impacts Data Types: Technical data, software, defense articles.
Examples: Classified technical manuals, encryption software.
Potential Fines: Severe penalties including fines and imprisonment for unauthorized export.

U.S. Family Educational Rights and Privacy Act (FERPA)

Description: Federal law protecting the privacy of student education records.
Enacted and Enforced: Enacted in 1974; enforced by the U.S. Department of Education.
Impacts Data Types: Student records, academic information.
Examples: Transcripts, disciplinary records.
Potential Fines: Loss of federal funding and potential legal action.

U.S. Fair Credit Reporting Act (FCRA)

Description: Regulates the collection, dissemination, and use of consumer credit information.
Enacted and Enforced: Enacted in 1970; enforced by the Federal Trade Commission (FTC).
Impacts Data Types: Credit reports, financial data.
Examples: Credit checks, dispute resolution.
Potential Fines: Civil penalties and damages for willful non-compliance.

U.S. Federal Financial Institutions Examination Council (FFIEC)

Description: Interagency body that prescribes uniform principles and standards for financial institution examinations.
Enacted and Enforced: Established in 1979; enforced through member agencies.
Impacts Data Types: Financial data, risk assessments.
Examples: Cybersecurity assessments, compliance audits.
Potential Fines: Enforcement actions by member agencies including fines.

U.S. Federal Information Security Modernization Act (FISMA)

Description: Requires federal agencies to develop, document, and implement information security programs.
Enacted and Enforced: Enacted in 2014; overseen by OMB and NIST.
Impacts Data Types: Federal information systems data.
Examples: Security assessments, continuous monitoring.
Potential Fines: Non-compliance can lead to budget restrictions and penalties.

U.S. Financial Forms and Documents

Description: Standardized documents used in financial reporting and transactions.
Enacted and Enforced: Governed by various federal agencies including the SEC and IRS.
Impacts Data Types: Financial statements, tax forms.
Examples: Form 10-K, W-2, 1099.
Potential Fines: Penalties for inaccurate or late filings.

U.S. Internal Revenue Code (IRC) 6103

Description: Protects the confidentiality of taxpayer information and governs its disclosure.
Enacted and Enforced: Part of the Internal Revenue Code; enforced by the IRS.
Impacts Data Types: Tax returns, taxpayer data.
Examples: Restrictions on information sharing.
Potential Fines: Criminal penalties and fines for unauthorized disclosure.

U.S. Internal Revenue Service Publication 1075 (IRS 1075)

Description: Provides guidelines for safeguarding federal tax information.
Enacted and Enforced: Issued by the IRS; mandatory for agencies handling federal tax data.
Impacts Data Types: Federal tax information.
Examples: Security controls, access restrictions.
Potential Fines: Non-compliance can lead to termination of data access and legal penalties.

U.S. International Traffic in Arms Regulations (ITAR)

Description: Controls the export and import of defense-related articles and services.
Enacted and Enforced: Administered by the Department of State’s Directorate of Defense Trade Controls (DDTC).
Impacts Data Types: Defense articles, technical data.
Examples: Export licenses, compliance programs.
Potential Fines: Significant fines and imprisonment for violations.

U.S. Material Non-Public Information (MNPI)

Description: Information that could influence an investor’s decision and is not publicly available.
Enacted and Enforced: Regulated under securities laws by the SEC.
Impacts Data Types: Corporate financial data, merger plans.
Examples: Insider trading restrictions.
Potential Fines: Civil and criminal penalties including fines and imprisonment.

U.S. National Institute of Standards and Technology (NIST) 800–171

Description: Provides guidelines for protecting controlled unclassified information in non-federal systems.
Enacted and Enforced: Published by NIST; required by federal contracts.
Impacts Data Types: Controlled unclassified information (CUI).
Examples: Access controls, incident response.
Potential Fines: Contract penalties and loss of federal funding.

U.S. Proposals & Bids

Description: Documents submitted in response to requests for proposals or bids for government contracts.
Enacted and Enforced: Governed by federal procurement regulations.
Impacts Data Types: Business proposals, pricing data.
Examples: Bid documents, technical proposals.
Potential Fines: Penalties for bid rigging and fraud.

U.S. Securities and Exchange Commission (SEC) Forms

Description: Standardized forms used for disclosures and filings with the SEC.
Enacted and Enforced: Required by SEC regulations.
Impacts Data Types: Financial statements, insider trading reports.
Examples: Forms 10-K, 8-K, 13D.
Potential Fines: Monetary penalties and sanctions for non-compliance.

U.S. Securities and Exchange Commission (SEC) Regulation Best Interest (RegBI)

Description: Regulation requiring broker-dealers to act in the best interest of retail customers.
Enacted and Enforced: Effective June 2020; enforced by the SEC.
Impacts Data Types: Customer investment data, transaction records.
Examples: Disclosure requirements, conflict of interest policies.
Potential Fines: SEC enforcement actions and fines.

U.S. Uniformed Services Employment and Reemployment Rights Act (USERRA)

Description: Protects the employment and reemployment rights of service members.
Enacted and Enforced: Enacted in 1994; enforced by the U.S. Department of Labor.
Impacts Data Types: Employment records, military service records.
Examples: Reinstatement rights, protection against discrimination.
Potential Fines: Remedies include reinstatement, back pay, and damages; no specified fines.

U.S. Uniform Commercial Code (UCC)

Description: A set of laws that provide legal rules and regulations governing commercial or business dealings and transactions.
Enacted and Enforced: Adopted in some form by all 50 states; originally published in 1952.
Impacts Data Types: Contractual data, financial agreements.
Examples: Sales contracts, secured transactions.
Potential Fines: Varies by state law; typically damages awarded for breach of contract.

U.S. Workplace Harassment Laws

Description: Laws prohibiting harassment and discrimination in the workplace.
Enacted and Enforced: Enforced by the Equal Employment Opportunity Commission (EEOC).
Impacts Data Types: Employee complaints, investigation records.
Examples: Sexual harassment policies, training programs.
Potential Fines: Fines, damages, and corrective actions.

Utah Consumer Privacy Act (UCPA)

Description: State law enhancing consumer privacy rights and data protection requirements in Utah.
Enacted and Enforced: Enacted in 2023; enforced by the Utah Attorney General.
Impacts Data Types: Personal data, consumer information.
Examples: Data access requests, opt-out rights.
Potential Fines: Civil penalties up to $7,500 per violation.

A B C D E F G H I L M N O P R S U V W