Since you are designing a database that stores information about people, it’s important to touch on the question of protected information. Whenever possible, you should avoid storing this information in your solution, especially credit card information or social security numbers. But when it’s necessary to do so, you’ll want to make more sophisticated use of the FileMaker security model. A good way to get started is to read the FileMaker Security Guide, which outlines best practices across the entire FileMaker platform.
You’ll also need to familiarize yourself with the regulations that apply to your protected data. We’ve included a list of some of the major guidelines to help get you started. These guidelines are provided for informational purposes only and are not intended to be a comprehensive list of all rules and regulations regarding protected data.
Major Security Guidelines
- PCI or Credit Card Information
The PCI Data Security Standard (PCI DSS) can help you understand how to ensure the safe handling of cardholder information within your business. It provides a framework for developing a robust payment card data security process, including prevention, detection, and appropriate reaction to security incidents. If you have to keep some record of the card used in a transaction, store only the last four digits of the card number, never the full number.
- Social Security Numbers
The SSN is a primary target for identity thieves and falls into the category of sensitive personally identifiable information (PII). Store it only when there is no alternative, and apply the same truncation approach: where a partial value will serve, keep only the last four digits.
- Health care information
Health care information is protected by legislation with significant financial consequences.
The Health Insurance Portability and Accountability Act (HIPAA) sets forth detailed requirements for the handling of individually identifiable health information by covered entities, meaning organizations acting as health care providers, health plans, or health care clearinghouses.
- Student loan information: Gramm-Leach-Bliley Act (GLBA)
This legislation includes provisions to protect consumers’ personal financial information held by financial institutions. Higher education institutions fall under it as well, because the student loans and other financial services they administer place them in the role of a financial institution.
- Human research data: Federal Policy for the Protection of Human Subjects ('Common Rule’)
Americans who agree to participate in federally conducted or federally supported research involving human subjects, including biomedical research and clinical trials, are guaranteed ethical treatment by law.
This policy sets forth a series of requirements to regulate this research.
- Student education records: Family Educational Rights and Privacy Act (FERPA)
The privacy of student education records is protected by law.
FERPA protects records that contain information directly related to a student and which are maintained by an educational agency or institution.
- Personnel data: (no single policy)
While there is no universal legal definition of private employee data, it generally includes employee addresses, photos, social security numbers, dates of birth, protected class information and medical records. You should also safeguard any other information that employees could reasonably expect to remain private.
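To make the truncation advice above concrete, here is an added example in Python; it is not code from the FileMaker guide, and the sample inputs are constructed. It shows a small helper that normalizes a card number or SSN, validates it, and returns only the last four digits plus a masked display form, so the full value is discarded before any record is written. The Luhn checksum applied to card numbers is my own addition for catching mistyped input; the guide does not call for it.

```python
"""Keep only the last four digits of a card number or SSN before storage.

Added example, not from the FileMaker guide. The design point is to truncate
at write time, so the full value never reaches a record; masking only at
display time would still leave the full number on disk.
"""
import re
from dataclasses import dataclass

_NON_DIGITS = re.compile(r"\D")


@dataclass(frozen=True)
class StoredReference:
    """The only data that should be persisted for a card number or SSN."""
    kind: str    # "card" or "ssn"
    last4: str   # the only digits retained
    masked: str  # display form, e.g. "****-1234" or "***-**-6789"


def _luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers (my addition, not required
    by the guide); rejects obvious mistypes before anything is stored."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def minimize_for_storage(raw: str, kind: str) -> StoredReference:
    """Normalize and validate `raw`, then return only the last four digits.

    Separators (spaces, dashes) are stripped first so that "4111 1111 1111 1111"
    and "4111-1111-1111-1111" are treated the same. Invalid input raises
    ValueError rather than being stored in any form.
    """
    digits = _NON_DIGITS.sub("", raw)
    if kind == "card":
        if not 13 <= len(digits) <= 19:
            raise ValueError("card number must be 13 to 19 digits")
        if not _luhn_ok(digits):
            raise ValueError("card number fails Luhn check")
        masked = "****-" + digits[-4:]
    elif kind == "ssn":
        if len(digits) != 9:
            raise ValueError("SSN must be 9 digits")
        masked = "***-**-" + digits[-4:]
    else:
        raise ValueError(f"unknown kind {kind!r}")
    # Only the truncated value leaves this function; the full number is dropped.
    return StoredReference(kind=kind, last4=digits[-4:], masked=masked)


if __name__ == "__main__":
    # Constructed sample inputs; 4111 1111 1111 1111 is a well-known test PAN.
    for raw, kind in [("4111 1111 1111 1111", "card"), ("123-45-6789", "ssn")]:
        print(minimize_for_storage(raw, kind))
    for raw, kind in [("4111 1111 1111 1112", "card"), ("123-45-678", "ssn")]:
        try:
            minimize_for_storage(raw, kind)
        except ValueError as exc:
            print(f"rejected {kind}: {exc}")
```

In a FileMaker solution the same effect can be obtained inside the database itself rather than in application code: an auto-enter calculation on the field (with "Do not replace existing value" unchecked) such as `"****-" & Right ( Filter ( Self ; "0123456789" ) ; 4 )` replaces the entered number with its truncated form before the record is committed, so the full value is never written. That FileMaker expression is my suggestion, not something the guide prescribes.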
THIS INFORMATION IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, AND FILEMAKER, INC., DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR THE WARRANTY OF NON-INFRINGEMENT. IN NO EVENT SHALL FILEMAKER, INC., OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS, PUNITIVE OR SPECIAL DAMAGES, EVEN IF FILEMAKER INC., OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY. FILEMAKER MAY MAKE CHANGES TO THIS INFORMATION AT ANY TIME WITHOUT NOTICE. THIS INFORMATION MAY BE OUT OF DATE AND FILEMAKER MAKES NO COMMITMENT TO UPDATE THIS INFORMATION.