Regulatory Compliance in Data Management

Radu Sion³ &
Sumeet Bajaj³

39 Accesses

Definition

Regulatory compliance in data management refers to information access, processing, and storage mechanisms designed in accordance to regulations. For example, in the United States, health-related data falls under the purview of the Health Insurance Portability and Accountability Act (HIPAA). Any associated healthcare data management systems need to be compliant with HIPAA requirements, including provision of data confidentiality and retention assurances. Such compliance has potential for far-reaching impact in the design of data processing systems.

Historical Background

In recent times, the increasing collection and processing of data have raised several concerns regarding data confidentiality, access, and retention. Driven by the concerns, regulators have enacted laws that govern all facets of data management. In the United States alone, over 10,000 regulations can be found in financial, life sciences, healthcare, and government sectors, including the Gramm-Leach-Bliley Act,...

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic

$34.99 /Month

Get 10 units per month
Download Article/Chapter or eBook
1 Unit = 1 Article or 1 Chapter
Cancel anytime

Buy Now

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 4,499.99; Price excludes VAT (USA)

Hardcover Book: USD 6,499.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Recommended Reading

Bajaj S, Sion R. Trusteddb: a trusted hardware based database with privacy and data confidentiality. In: Proceedings of the ACM SIGMOD International Conference on Management of Data; 2011. p. 205–16.
Google Scholar
Bajaj S, Sion R. CorrectDB: SQL engine with practical query authentication. In: Proceedings of the 39th International Conference on Very Large Data Bases; 2013.
Article Google Scholar
Bajaj S, Sion R. HIFS: history independence for file systems. In: Proceedings of the 20th ACM Conference on Computer and Communications Security; 2013.
Google Scholar
Benjamin CM, Fung KW, Chen R, Yu PS. Privacy-preserving data publishing: a survey of recent developments. ACM Comput Surv. 2010;42(4): 14:1–53.
Google Scholar
Cederquist JG, Corin R, Dekker MAC, Etalle S, den Hartog JI, Lenzini G. Audit-based compliance control. Int J Inf Secur. 2007;6(2):133–51.
Article Google Scholar
Diesburg SM, Andy Wang An-I. A survey of confidential data storage and deletion methods. ACM Comput Surv. 2010;43(1):2:1–37.
Article Google Scholar
EMC. Centera compliance edition plus. http://www. emc.com/data-protection/centera/compliance-edition- plus.htm.
Gennaro R, Gentry C, Parno B. Non-interactive verifiable computing: outsourcing computation to untrusted workers. In: Proceedings of the 30th Annual Conference on Advances in Cryptology; 2010. p. 465–82.
Chapter Google Scholar
Gentry C. Fully homomorphic encryption using ideal lattices. In: Proceedings of the Annual ACM Symposium on Theory of Computing; 2009. p. 169–78.
MATH Google Scholar
GreenTec. Wormdisk. http://greentec-usa.com/wp- content/uploads/2012/05/GreenTec-WORM-Flyer-12- 15-20131.pdf.
IBM. IBM system storage n series with open system snapvault. http://www-03.ibm.com/systems/storage/network/software/.
IBM 4764 PCI-X Cryptographic Coprocessor. Online at http://www-03.ibm.com/security/cryptocards/pcixcc/order4764.shtml.
Li T, Ma X, Li N. Worm-seal: trustworthy data retention and verification for regulatory compliance. In: Proceedings of the 14th European Conference on Research in Computer Security; 2009. p. 472–88.
Chapter Google Scholar
Network Appliance Inc. Snaplock compliance and snaplock enterprise software. http://www.netapp.com/ us/products/protection-software/snaplock.aspx.
Oracle. Storagetek 5320 nas appliance. http://docs.oracle.com/cd/E19783-01/index.html.
Quantum Inc. Dltsage: Write once read many solution. http://www.quantum.com/products/tapedrives/dlt/dltsageworm/index.aspx.
Schneier B, Kelsey J. Secure audit logs to support computer forensics. ACM Trans Inf Syst Secur. 1999;2(2):159–76.
Article Google Scholar
Zhu Q, Hsu WW. Fossilized index: the linchpin of trustworthy non-alterable electronic records. In: Proceedings of the ACM SIGMOD International Conference on Management of Data; 2005. p. 395–406.
Google Scholar

Download references

Author information

Authors and Affiliations

Stony Brook University, Stony Brook, NY, USA
Radu Sion & Sumeet Bajaj

Authors

Radu Sion
View author publications
You can also search for this author in PubMed Google Scholar
Sumeet Bajaj
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Radu Sion or Sumeet Bajaj .

Editor information

Editors and Affiliations

Georgia Institute of Technology College of Computing, Atlanta, GA, USA
Ling Liu
University of Waterloo School of Computer Science, Waterloo, ON, Canada
M. Tamer Özsu

Rights and permissions

Reprints and permissions

Copyright information

About this entry

Cite this entry

Sion, R., Bajaj, S. (2018). Regulatory Compliance in Data Management. In: Liu, L., Özsu, M.T. (eds) Encyclopedia of Database Systems. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-8265-9_305

Download citation

DOI: https://doi.org/10.1007/978-1-4614-8265-9_305
Published: 07 December 2018
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-8266-6
Online ISBN: 978-1-4614-8265-9
eBook Packages: Computer ScienceReference Module Computer Science and Engineering

Publish with us

Policies and ethics