You just took a job with the Department of Defense (DoD). You want to familiarize yourself with the regulatory requirements that apply to the data handled by the DoD.
Imagine that you are involved in each of the scenarios. Which compliance or regulatory standard or act would apply? Click on the colored dot representing each scenario and drag it to the green circle representing the correct standard or act. You can drag more than one scenario to a green circle. If you get stuck, you may click on Reveal Answers to see the correct answers, then try the game again to see how well you do.
Do you know which compliance or regulatory requirements to follow?
SCENARIOS
Your doctor sends you an e-mail containing the results of your latest blood test. He inadvertently courtesy copies another patient on the e-mail. You want to find out about the legality of this action.
You are going to use your education benefits from the Department of Veterans Affairs (VA). You are able to do this because your information is stored in the system and protected according to certain regulations.
Your company has decided to start selling its products online. Your manager asks you what the company should consider in preparing to receive credit card information.
Your bank has provided your financial information to a marketing firm. You have not granted permission for your bank to do this. You want to check on your rights in this situation.
COMPLIANCE OR REGULATORY STANDARDS/ACTS
GLBA
HIPAA
SOX
PCI DSS
FISMA