the sarbanes-oxley act: requires financial institutions to ensure the security of customer data. imposes responsibility on companies and management to safeguard the accuracy of financial information. outlines medical security and privacy rules. requires that companies retain electronic records for at least 10 years. specifies best practices in information systems security and control.