To comply with the Sarbanes-Oxley Act (SOX), public companies in the United States are required...

The Sarbanes-Oxley Act (SOX) requires public companies in the United States to establish auditing controls that ensure the security and privacy of financial data. Privacy controls focus on protecting the disclosure of data, ensuring that it is only shared with authorized entities. Security controls, on the other hand, protect against unauthorized use, modification, and damage or loss of data. These controls collectively ensure that financial data is not only kept confidential (privacy) but also remains accurate, available, and secure (security).References: IAPP Certification Textbooks, Section on Regulatory Requirements and Controls, specifically the discussion on SOX compliance.