brightsolution

asked on

What IT regulations are Payroll companies bound by?

So just as doctors are bound by HIPAA/HITECH and Banks are bound by Gramm-Leach-Bliley Act, what regulatory requirements are Payroll companies bound by?
ASKER CERTIFIED SOLUTION
btan
SOLUTION
brightsolution

ASKER

So what I have found out is that payroll companies are bound by the clients' standards. Example: the payroll company does not have any DIRECT policies associated with them if they are private. Public, they are bound to SOX (thank you masnrock). But if they are private, then they have no DIRECT policies. What they do have are the policies bound to their clients. If their clients are HIPAA/HITECH clients, then they must abide by those same regulations, since they are storing PII information that is governed by HITECH regulations, and so on. If they do business with clients in California, Massachusetts, or Nevada, then there are state policies. There are federal laws they must abide by as well. I have attached the research info I found based on both of your responses. Thank you for jogging my memory.

https://en.wikipedia.org/wiki/Personally_identifiable_information#Federal_law