Laws Flashcards
What did the EEA do?
The Economic Espionage Act of 1996 made it a federal offense to steal trade secrets and gave the FBI the authority to investigate economic espionage.
What was California Senate Bill 1386?
The nation’s first data breach law.
What is HIPAA?
The Health Insurance Portability and Accountability Act. It was one of the first significant attempts to adopt a standard of care for electronic transactions in the health care field.
What is PCI DSS? What are its six broad domains and 12 requirements?
The six domains and 12 requirements are:
D1) Maintain a Secure Network and Systems
R1: Install and maintain firewall configuration to protect cardholder data.
R2: Do not use vendor-supplied defaults for system passwords and other security parameters.
D2) Protect Cardholder Data
R3: Protect stored cardholder data
R4: Encrypt transmission of cardholder data across open public networks.
D3) Maintain a Vulnerability Management Program
R5: Protect all systems against malware and regularly update antivirus software or programs.
R6: Develop and maintain secure systems and applications.
D4) Implement Strong Access Control Measures
R7: Restrict access to cardholder data on a need to know basis.
R8: Identify and authenticate access to system components by assigning a unique ID to each person with access to critical data systems.
R9: Restrict physical access to cardholder data.
D5) Regularly Monitor and Test Networks
R10: Track and monitor all access to network resources and cardholder data.
R11: Regularly test security systems and processes.
D6) Maintain an Information Security Policy.
R12: Maintain a policy that addresses information security for employees and contractors.
What does the Gramm-Leach-Bliley Act/Financial Services Modernization Act do?
Regulates the use and disclosure of nonpublic personal information about individuals who obtain financial products or services from financial institutions.
What is COPPA?
Children’s Online Privacy Protection Act. The rules adopted under COPPA spell out what a website operator must include in a privacy policy when collecting personal information from children under 13.
What is SOX?
The Sarbanes-Oxley Act places substantial additional responsibilities on officers and directors of public companies and imposes significant criminal penalties on CEOs who violate the act’s provisions.
What are the two Red Flag Rules?
1) Provide Covered Account Protection (An account that permits multiple transactions).
2) Identify and flag alerts, notifications, and warnings from a consumer reporting agency; suspicious documents; suspicious personally identifiable information; unusual use of, or suspicious activity on, a covered account; and notices from customers, identity theft victims, law enforcement authorities, or other businesses.