Chapter 4 Laws, Regulations, and Compliance Flashcards
contains prohibitions against acts such as murder, assault, robbery, and arson
criminal law
civil law
administrative law
criminal law
it is incumbent upon the person who thinks they
have been wronged to obtain legal counsel and file a lawsuit
criminal law
civil law
administrative law
civil law
policies, procedures, and regulations that govern daily operations
criminal law
civil law
administrative law
administrative law
guarantees the creators of “original works of authorship” protection against
the unauthorized duplication of their work.
Copyright law
Digital Millennium Copyright Act
Copyright law
prohibition of attempts to circumvent
copyright protection mechanisms placed on a protected work by the copyright holder.
Copyright law
Digital Millennium Copyright Act
Digital Millennium Copyright Act
limits the liability of Internet service providers when their circuits are
used by criminals violating the copyright law.
Digital Millennium Copyright Act
intellectual property that is absolutely critical to their business and significant damage would result if it were disclosed to competitors and/or the public
Patents
Trade Secrets
Trademarks
Trade Secrets
It severely limits the ability of federal government agencies
to disclose private information to other persons or agencies without the prior written consent
of the affected individual(s)
Electronic Communications Privacy Act of 1986
Privacy Act of 1974
Economic and Protection of Proprietary Information Act of 1996
Communications Assistance for Law Enforcement Act (CALEA) of 1994
Privacy Act of 1974
extends the definition of property to include proprietary economic information so that the theft of this information can be considered industrial or corporate espionage
Electronic Communications Privacy Act of 1986
Privacy Act of 1974
Economic and Protection of Proprietary Information Act of 1996
Communications Assistance for Law Enforcement Act (CALEA) of 1994
Economic and Protection of Proprietary Information Act of 1996
requires all communications
carriers to make wiretaps possible for law enforcement with an appropriate court order,
regardless of the technology in use
Electronic Communications Privacy Act of 1986
Privacy Act of 1974
Economic and Protection of Proprietary Information Act of 1996
Communications Assistance for Law Enforcement Act (CALEA) of 1994
Communications Assistance for Law Enforcement Act (CALEA) of 1994
This act makes identity theft a crime against the person whose identity was stolen and
Gramm‐Leach‐Bliley Act of 1999
USA PATRIOT Act of 2001
Family Educational Rights and Privacy Act
Identity Theft and Assumption Deterrence Act
Identity Theft and Assumption Deterrence Act
Parents must give verifiable consent to the collection of information about children younger than the age of 13 prior to any such collection.
Gramm‐Leach‐Bliley Act of 1999
USA PATRIOT Act of 2001
Family Educational Rights and Privacy Act
Identity Theft and Assumption Deterrence Act
Family Educational Rights and Privacy Act
greatly broadened the powers of
law enforcement organizations and intelligence agencies across a number of areas, including
when monitoring electronic communications.
Gramm‐Leach‐Bliley Act of 1999
USA PATRIOT Act of 2001
Family Educational Rights and Privacy Act
Identity Theft and Assumption Deterrence Act
USA PATRIOT Act of 2001
it included a number of limitations on the types of information that could be exchanged even among subsidiaries of the same corporation and required financial institutions to provide written privacy policies to all their customers
Gramm‐Leach‐Bliley Act of 1999
USA PATRIOT Act of 2001
Family Educational Rights and Privacy Act
Identity Theft and Assumption Deterrence Act
Gramm‐Leach‐Bliley Act of 1999
These seven requirements for the processing of personal information:
Notice: They must inform individuals of what information they collect about them and how the information will be used.
Choice: They must allow individuals to opt out if the information will be used for any other purpose or shared with a third party. For information considered sensitive, an opt‐in policy must be used.
Onward Transfer: Organizations can share data only with other organizations that comply with the safe harbor principles.
Access: Individuals must be granted access to any records kept containing their personal information.
Security: Proper mechanisms must be in place to protect data against loss, misuse, and unauthorized disclosure.
Data Integrity: Organizations must take steps to ensure the reliability of the information they maintain.
Enforcement: Organizations must make a dispute resolution process available to individuals and provide certifications to regulatory agencies that they comply with the safe harbor provisions.
are outlined by what directive?
European Union Privacy Law
What standard is not dictated by law, governs the security of credit card information, and is enforced through the terms of a merchant agreement between a business that accepts credit cards and the bank that processes the business’s transactions?
Payment Card Industry Data Security Standard (PCI DSS)
mandates baseline security requirements for all federal agencies, such as:
■ To give the National Institute of Standards and Technology (NIST) responsibility for developing standards and guidelines for federal computer systems. For this purpose, NIST draws on the technical advice and assistance (including work products) of the National Security Agency where appropriate.
■ To provide for the enactment of such standards and guidelines.
■ To require the establishment of security plans by all operators of federal computer
systems that contain sensitive information.
■ To require mandatory periodic training for all people involved in management, use, or
operation of federal computer systems that contain sensitive information.
Computer Security Act of 1987
■ The guidelines formalized the prudent man rule, which requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation. This rule, developed in the realm of fiscal responsibility, now applies to information security as well.
■ The guidelines allowed organizations and executives to minimize punishment for
infractions by demonstrating that they used due diligence in the conduct of their information
security duties.
■ The guidelines outlined three burdens of proof for negligence. First, the person accused
of negligence must have a legally recognized obligation. Second, the person must have
failed to comply with recognized standards. Finally, there must be a causal relationship
between the act of negligence and subsequent damages.
Federal Sentencing Guidelines
■ Broadens CFAA to cover computer systems used in international commerce in addition
to systems used in interstate commerce
■ Extends similar protections to portions of the national infrastructure other than computing
systems, such as railroads, gas pipelines, electric power grids, and telecommunications
circuits
■ Treats any intentional or reckless act that causes damage to critical portions of the
national infrastructure as a felony
National Information Infrastructure Protection Act of 1996