Domain 1: Legal and Regulatory Issues Flashcards
- Major legal system
- The distinguishing feature here is that precedents and certain case rulings do not carry any weight when it comes to new cases.
Civil law (legal system)
- Major legal system
- A significant emphasis is placed on particular cases and judicial precedents of the past when determining the outcome of current cases.
- Used in the U.S., Canada, U.K. and most former British colonies.
Common Law
- Laws in which the primary goal is to deter crime and punish offenders.
- Branch of law
Criminal law
- Laws that provide financial damages by a preponderance (more likely than not) of evidence.
- Branch of law
Civil law
- Injury (loosely defined) resulting from someone violating their responsibility to provide a duty of care.
- Branch of law
Tort Law
- Type of financial damage
- Damages prescribed by law, which can be awarded to the victim even if the victim incurred no actual loss or injury.
Statutory
- Type of financial damage
- Provides the victim with financial award in effort to compensate for the loss or injury incurred as a direct result of wrongdoing.
Compensatory
- Type of financial damage
- Damages typically awarded to discourage an egregious violation where compensatory or statutory damages alone would not act as a deterrent.
Punitive
- Type of Law
- Government-mandated regulations that ensure certain industries meet compliance.
Administrative law
Determines whether an organization is legally on the hook for specific actions or inactions.
Liability
Doing what a reasonable person would do in a given situation (aka “prudent man” rule)
Due care
Practicing the activities that maintain the due care effort
Due diligence
Not demonstrating due care, resulting in damages.
Gross negligence
Requires senior executives to take personal responsibility for ensuring the due care that ordinary individuals would exercise in the same situation
Prudent man rule
- Type of evidence
- Consists of tangible or physical objects.
Real evidence
- Type of evidence
- Testimony provided by witnesses regarding what they actually experienced through their five senses.
Direct evidence
- Type of evidence
- Serves to establish the circumstances related to other evidence
Circumstantial evidence
- Type of evidence
- Provides additional support for a fact that might have been called into question.
Corroborative evidence
- Type of evidence
- Constitutes second-hand evidence. Typically indirect info relating to direct evidence.
Hearsay evidence
- Type of evidence
- Consists of copies of original documents and oral descriptions.
Secondary evidence
Courts prefer the best evidence possible, i.e., original docs are preferred over copies, and conclusive tangible objects are preferred over oral testimony
Best evidence rule
Documentation regarding who handled the evidence in question, as well as what was done with it, when, and where
Chain of custody
When someone is persuaded to commit a crime when the person otherwise had no intention to commit a crime.
Entrapment
Making the conditions for committing a crime favorable when the person is already determined to break the law or intent on doing so.
Enticement
Law put into place to address computer fraud, aka hacking
Computer Fraud and Abuse Act (CFAA)
Law that requires government agencies and contractors to meet compliance with information security standards
Federal Security Management Act (FISMA)
In 2014, this act modified the rules of the 2002 FISMA by centralizing federal cybersecurity responsibility with the Dept. of Homeland Security
Federal Information Systems Modernization Act
Charges the NIST with the responsibility for coordinating nationwide work on voluntary cybersecurity standards.
Cybersecurity Enhancement Act
- Charged the Dept. of Homeland Security with establishing a national cybersecurity and communications integration center.
- The role of this center is to serve as the interface between federal agencies and civilian organizations for sharing cybersecurity risks, incidents, analysis, and warnings.
National Cybersecurity Protection Act
- A brand used to distinguish a product or service from others in the marketplace.
- i.e. name, logo, symbol, or image.
- In the U.S., two symbols are used by entities in order to protect their distinctive marks: ™ and ®
Trademark
- Provides exclusive rights to inventors to make, use, or sell an invention for a period of time.
- In Europe and the U.S., the term is 20 years from the initial filing date.
Patent
Protects creative work from unauthorized duplication, distribution or modification.
Copyright
- Business-proprietary info that is important to an organization’s ability to compete.
- Noncompete and nondisclosure agreements are two common protection methods used.
Trade Secrets
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated…
Fourth Amendment
Mandates that government agencies only maintain records that are necessary for conducting their business. Once no longer needed these records need to be destroyed.
Privacy Act of 1974
Prohibits the interception of electronic communication, including telephone and email.
Electronic Communications Privacy Act of 1986
- Requires communication carriers to make wiretaps possible for law enforcement with an appropriate court order.
- Amendment to Electronic Communications Privacy Act of 1986
Communications Assistance for Law Enforcement Act (CALEA) of 1994
Extended the definition of property to include proprietary info; theft of this info can now be considered espionage
Economic Espionage Act of 1996
Governs the privacy of patients as it relates to hospitals, physicians, insurance companies, and other organizations that store medical info about individuals.
Health Insurance Portability and Accountability Act (HIPAA)
- Any HIPAA covered entity and business associate must be governed by a written contract known as a business associate agreement (BAA). This means business associates are subject to HIPAA enforcement.
- Breach Notification Rule: HIPAA-covered entities that experience a data breach must notify affected individuals, and also the Secretary of Health and Human Services when 500 individuals are affected by the breach
Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH)
Deals with how websites collect info from children
Children’s Online Privacy Protection Act of 1998 (COPPA)
Protects the privacy of consumer info as it relates to financial institutions
Gramm-Leach-Bliley Act of 1999 (GLBA)
Provision that allows authorities to monitor all communications to and from the person under investigation under a single warrant.
USA PATRIOT Act of 2001
Grants privacy rights to students attending university.
Family Educational Rights and Privacy Act (FERPA)
Law that makes identity theft a crime
Identity Theft and Assumption Deterrence Act
- Privacy act created by the European Union which allows a free flow of info while still maintaining consistent protection of citizen data in each member nation.
- Law has since been replaced
EU Data Protection Directive
- This law passed by the EU to protect the privacy of its citizens (replaced the EU Data Protection Directive)
- Applies to all organizations (even if they're not based in the EU) if they collect info from EU residents
- Mandates that in a data breach, companies must inform the authorities within 72 hours
- People have the right to have companies delete their info if it is no longer needed
General Data Protection Regulation (GDPR)
Licensing is written on software packaging and takes effect when a user opens the package.
Shrink-wrap agreements
Allows US-based organizations to share data with countries inside the EU.
EU-US safe harbor
- Agreement between the EU and the US that allows the Dept. of Commerce and the Federal Trade Commission (FTC) to certify businesses that comply with regulations and offer them “safe harbor” from prosecution.
- Replaced the Safe Harbor agreement
Privacy Shield agreement
Treaty between the majority of EU members and the US, establishing standards and international cooperation during the investigation and prosecution of cybercrime
Council of Europe Convention on Cybercrime
Controls the export of items that are specifically designated as military and defense items
The International Traffic in Arms Regulations (ITAR)
- List of items that are designed for commercial use but may have military applications
- These are import and export restricted
The Export Administration Regulations (EAR)
Licensing included in a package but requires the user to accept the terms during the software installation process.
Click-through agreements
Guarantees the creators of “original works of authorship” protection against the unauthorized duplication of their work.
Digital Millennium Copyright Act of 1998
The first state law requiring immediate disclosure to individuals of a known or suspected breach of personally identifiable information
California SB 1386
- Licensing via written agreements between a software vendor and a user.
- i.e. EULAs
Contractual license agreements
What are some provisions for General Data Protection Regulation (GDPR)?
- Companies must inform authorities of major data breaches within 72 hours
- Each EU member nation must create a centralized data protection authority
- Individuals must have access to their own data
- Information regarding an individual must be transferable to another service provider at the individual’s request
- Individuals retain the “right to be forgotten” and have their information deleted if it is no longer required