Chapter 10 – Legal and Compliance Part I

Question 1

What is Criminal Law?

Answer 1

Criminal Law encompasses all legal matters where the government is in conflict with a person, group, or organization that violates statutes; includes federal court system. Punishments can be monetary fines, imprisonment, or death. Enforcement is called prosecution.

Question 2

What are State Laws?

Answer 2

State Laws are laws enacted by a state legislature; federal laws supersede state laws.

Question 3

What are Federal Laws?

Answer 3

Federal Laws are laws that affect the entire country; issues of jurisdiction and prosecution are negotiated between law enforcement and courts prior to prosecution.

Question 4

What is Civil Law?

Answer 4

Civil Law is a body of law that deals with personal and community-based law such as marriage and divorce; governs private citizens and disputes. Cases are called lawsuits or litigations and involve restitution of monetary damages or actions, but not imprisonment.

Question 5

What is a Contract?

Answer 5

A Contract is an agreement between parties; in a breach of contract, a party can sue for court-ordered relief in money or other considerations.

Question 6

What is Common Law?

Answer 6

Common Law is the existing set of rulings and decisions made by courts, informed by cultural mores and legislation, creating precedents that parties cite in court.

Question 7

What is Administrative Law?

Answer 7

Administrative Law consists of laws not created by legislatures but by executive decisions and functions; federal agencies can create, monitor, and enforce their own administrative law.

Question 8

What is the ECPA?

Answer 8

The ECPA (Electronic Communication Privacy Act) restricts the government from putting wiretaps on phone calls and electronic communication.

Question 9

What is the GLBA?

Answer 9

The GLBA (Graham-Leach-Bliley Act) allows banks to merge with insurance companies and financial institutions while keeping customer account information secure and private.

Question 10

What is SOX?

Answer 10

SOX (Sarbanes-Oxley Act) promotes transparency in publicly traded corporations’ financial activities and includes provisions for securing data.

Question 11

What is HIPAA?

Answer 11

HIPAA (Health Insurance Portability and Accountability Act) protects patient records and data, known as ePHI.

Question 12

What is FERPA?

Answer 12

FERPA (Family Educational Rights and Privacy Act) prevents academic institutions from sharing student data with anyone other than parents or students after age 18.

Question 13

What is the DMCA?

Answer 13

The DMCA (Digital Millennium Copyright Act) protects owned data and makes cracking access controls on copyrighted media a crime.

Question 14

What is the CLOUD Act?

Answer 14

The CLOUD Act allows US law enforcement and courts to compel American companies to disclose data stored in foreign data centers.

Question 15

What is FedRAMP?

Answer 15

FedRAMP is a US federal program that mandates a standardized approach to security assessments, authorization, and continuous monitoring of cloud products/services.

Question 16

What are Direct Indicators in PII?

Answer 16

Direct Indicators are data elements that immediately reveal a specific individual, such as mobile phone number, IP address, or SSN.

Question 17

What are Indirect Indicators in PII?

Answer 17

Indirect Indicators are characteristics that can reveal the identity of a person; examples include location, birthplace, and pets.

Question 18

What is Anonymization?

Answer 18

Anonymization is the process of removing identifiers from data; certain jurisdictions require this for both indirect and direct identifiers.

Question 19

What is GDPR?

Answer 19

GDPR (General Data Protection Regulation) is the EU’s most significant privacy law, codifying principles for handling personal information of EU citizens.

Question 20

What is a Data Subject?

Answer 20

A Data Subject is an individual whom PII refers to; a human being.

Question 21

What is a Data Controller?

Answer 21

A Data Controller is the entity collecting or creating PII; responsible for unauthorized disclosure of PII.

Question 22

What is a Data Processor?

Answer 22

A Data Processor is the entity acting on behalf of the Data Controller, performing manipulation, storage, or transmission of PII.

Question 23

What are ISMSs?

Answer 23

ISMSs (Information Security Management Systems) provide a holistic overview of the entire security program within an organization, detailed in ISO 27001.

Question 24

What is eDiscovery?

Answer 24

eDiscovery is the process of identifying and obtaining electronic evidence for prosecutorial or litigation purposes; ISO 27050 is the industry standard.

Question 25

What is the purpose of ISO/IEC 27037:2012?

Answer 25

ISO/IEC 27037:2012 is a guide for collecting, identifying, and preserving electronic evidence.

Question 26

What is the purpose of ISO/IEC 27041:2015?

Answer 26

ISO/IEC 27041:2015 is a guide for incident investigation.

Question 27

What is the purpose of ISO/IEC 27042:2015?

Answer 27

ISO/IEC 27042:2015 is a guide for digital evidence analysis.

Question 28

What is the purpose of ISO/IEC 27043:2015?

Answer 28

ISO/IEC 27043:2015 outlines incident investigation principles and processes.

Question 29

What is the purpose of ISO/IEC 27050-1:2016?

Answer 29

ISO/IEC 27050-1:2016 provides an overview and principles for eDiscovery.