Payment Card Industry (PCI) Compliant for a merchant means that they are adhering to the set of procedures and policies developed to protect cash card transactions of credit and debit cards and prevent the misuse of the user personal information.

Five different programs had been

started by card companies:

• Visa's Cardholder Information Security Program *
• MasterCard's Site Data Protection
• American Express's Data Security Operating Policy
• Discover's Information Security and Compliance
• the JCB's Data Security Program

The intentions of each were roughly similar: to create an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process, and transmit cardholder data. To remove the interoperability problems among the existing standards, the combined effort made by the principal credit card organizations resulted in the release of version 1.0 of PCI DSS in December 2004. PCI DSS has been implemented and followed across the globe.

 The Payment Card Industry Security Standards Council (PCI SSC) was then formed and these companies aligned their individual policies to create the PCI DSS. MasterCard, American Express, Visa, JCB International and Discover Financial Services established the PCI SSC in September 2006 as an administration/governing entity which mandates the evolution and development of PCI DSS.

Independent/private organizations can participate in PCI development after proper registration. Each participating organization joins a particular SIG (Special Interest Group) and contributes to the activities which are mandated by the SIG.

HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996.

HIPAA Guidelines:

Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;

Reduces health care fraud and abuse;

Mandates industry-wide standards for health care information on electronic billing and other processes; and

Requires the protection and confidential handling of protected health information.

The General Data Protection Regulation (GDPR) standardizes data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII).

It also extends the protection of personal data and data protection rights by giving control back to EU residents. GDPR replaces the 1995 EU Data Protection Directive, and went into force on May 25, 2018. It also supersedes the 1998 UK Data Protection Act.