Ch4 Flashcards
Criminal Law
protects society against acts that violate basic principles we believe in
violations of criminal law
prosecuted by Federal and State governments
Civil Law
provides a framework for the transaction of business between people and organizations
violations of civil law
brought to the court and argued by the two affected parties
Administrative Law
- used by government agencies to effectively carry out their day-to-day business
- consists of policies, procedures, and regulations
- does NOT require an act of the legislative branch to implement at the Federal level
- does NOT require an act of Congress
- subject to judicial review
- must comply with criminal and civil laws
- protects computers used by the government or in interstate commerce from a variety of abuses
- provides criminal and civil penalties for those convicted of using viruses, worms, Trojan horses, and other malicious code to cause damage to computer systems
Computer Fraud & Abuse Act
- outlines steps government must take to protect its own systems from attack
- requires mandatory training for all people involved in managing, using, or operating Federal computers that contain sensitive information
Computer Security Act
Who is responsible for managing Federal government computer systems that process classified and sensitive information?
NSA (National Security Agency)
Who manages all Federal government computer systems that are NOT used to process sensitive national security information?
NIST (National Institute of Standards & Technology)
guarantees the creators of “original works of authorship” protection against the unauthorized duplication of their work.
Copyright Law
words, slogans, and logos used to identify a company and its products or services.
Trademark protection
Patents
- must be new or original
- must be useful and accomplish a task
- must NOT be obvious
intellectual property that is absolutely critical to a business and whose disclosure to competitors and/or the public would cause significant damage
trade secrets
- severe penalties for companies that collect information from young children without parental consent
- consent must be obtained from the parents of children younger than age 13
Children's Online Privacy Protection Act (COPPA)
develops the Federal government information security program
Government Information Security Reform Act (GISRA)
prohibits the circumvention of copy protection placed in digital media & limits liability of ISPs
Digital Millennium Copyright Act of 1998
provides penalties for individuals found guilty of the theft of trade secrets. Harsher penalties apply when the individual knows the information will benefit a foreign government.
Economic Espionage Act 1996
framework for enforcement of various software licensing agreements such as click-wrap & shrink-wrap agreements
Uniform Computer Information Transaction Act (UCITA)
first statewide requirement for notification to individuals of PII data breaches; currently only HIPAA breaches require notification under Federal law
California SB 1386
prudent man rule
Federal Sentencing Guidelines: requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise
What are the three burdens of proof for negligence as defined in the Federal Sentencing Guidelines?
- legally recognized obligation
- failed to comply with recognized standards
- the act of negligence must have caused the subsequent damages.
Extends the CFAA to cover infrastructure (railroads, gas pipelines, electrical grids, and telecommunication circuits) and makes such offenses a felony
National Information Infrastructure Protection Act (NIIPA)
places the burden of maintaining the security and integrity of government information and information systems squarely on the shoulders of individual agency leaders
Government Information Security Reform Act (GISRA)
requires federal agencies to implement an information security program that covers the agency’s operations, including the activities of contractors
Federal Information Security Management Act (FISMA)
prohibits government agents from searching private property without a warrant and probable cause. The courts have expanded their interpretation to include protections against wiretapping and other invasions of privacy.
Fourth Amendment
the most significant piece of privacy legislation restricting the way the federal government may deal with private information about individual citizens. It severely limits the ability of federal government agencies to disclose private information to other persons or agencies without the prior written consent of the affected individual(s). It does provide for exceptions involving the census, law enforcement, the National Archives, health and safety, and court orders.
Privacy Act of 1974
- makes it a crime to invade the electronic privacy of an individual
- broadened the Federal Wiretap Act to apply to any illegal interception of electronic communications or intentional, unauthorized access of electronically stored data
- prohibits the disclosure of electronic communication
- protects against the monitoring of email and voicemail communications
- prevents providers of those services from making unauthorized disclosures of their content.
Electronic Communication Privacy Act
requires all communications carriers to make wiretaps possible for law enforcement with an appropriate court order, regardless of the technology in use.
CALEA - Communications Assistance for Law Enforcement Act
extends the definition of property to include proprietary economic information so that the theft of this information can be considered industrial or corporate espionage. This changed the legal definition of theft so that it was no longer restricted by physical constraints.
Economic and Protection of Proprietary Information Act
privacy and security regulations requiring strict security measures for hospitals, physicians, insurance companies, and other organizations that process or store private medical information about individuals
HIPAA - Health Insurance Portability and Accountability Act
- directly subject to HIPAA and HIPAA enforcement actions in the same manner as a covered entity
- entities who experience a data breach must notify affected individuals of the breach and must also notify both the Secretary of Health and Human Services and the media when the breach affects more than 500 individuals
Health Information Technology for Economic and Clinical Health Act (HITECH)
relaxed the strict governmental barriers that had existed between financial institutions (banks, insurance companies, and credit providers)
Gramm‐Leach‐Bliley Act
- broadened electronic communications monitoring of suspected terrorists in response to the 9/11 attacks
- permits monitoring of a communications circuit after proving that the circuit was used by someone subject to monitoring. It also allows authorities to obtain a blanket authorization for a person and then monitor all communications to or from that person under a single warrant.
- ISPs may voluntarily provide the government with a large range of information.
USA Patriot Act of 2001
- grants certain privacy rights to students older than 18 and the parents of minor students.
- Parents/students have the right to inspect any educational records
- Parents/students have the right to request correction of records they think are erroneous
- Schools may not release personal information from student records without written consent
Family Educational Rights and Privacy Act
makes identity theft a crime against the person whose identity was stolen and provides severe criminal penalties (up to a 15‐year prison term and/or a $250,000 fine) for anyone found guilty of violating this law
Identity Theft and Assumption Deterrence Act
European Union Privacy Law
- Notice: They must inform individuals of what information they collect about them and how the information will be used.
- Choice: They must allow individuals to opt out if the information will be used for any other purpose or shared with a third party. For information considered sensitive, an opt‐in policy must be used.
- Onward Transfer: Organizations can share data only with other organizations that comply with the safe harbor principles.
- Access: Individuals must be granted access to any records kept containing their personal information.
- Security: Proper mechanisms must be in place to protect data against loss, misuse, and unauthorized disclosure.
- Data Integrity: Organizations must take steps to ensure the reliability of the information they maintain.
- Enforcement: Organizations must make a dispute resolution process available to individuals and provide certifications to regulatory agencies that they comply with the safe harbor provisions.
Sarbanes-Oxley Act of 2002
- applies to all public companies that have registered equity or debt securities with the Securities and Exchange Commission (SEC)
- requires that personnel responsible for auditing, monitoring, and reviewing security do not have other operational duties related to what they are auditing, monitoring, and reviewing