Legal and regulatory

Question 1

HIPAA (Not HIPPA)

Answer 1

Health Insurance Portability and Accountability Act.

Question 2

PHI

Answer 2

Protected Health Information

Question 3

(ECPA):

Answer 3

Electronic Communications Privacy Act

Question 4

Security Breach Notification Laws.

Answer 4

NOT Federal, all 50 states have individual laws, know your state.

Question 5

PATRIOT Act of 2001:

Answer 5

Expands law enforcement electronic monitoring capabilities.

Allows search and seizure without immediate disclosure.

Question 6

CFAA

Answer 6

Computer Fraud and Abuse Act

Question 7

GLBA):

Answer 7

Gramm-Leach-Bliley Act

Applies to financial institutions; driven by the Federal Financial Institutions

Question 8

Sarbanes-Oxley Act of 2002 (SOX):

Answer 8

Directly related to the accounting scandals in the late 90s

Question 9

GDPR

Answer 9

General Data Protection Regulation.
GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
It does not matter where we are based, if we have customers in EU/EEA we have to adhere to the GDPR.

Question 10

OECD - a guidelines

Answer 10

Organization for Economic Cooperation and Development (OECD) Privacy Guidelines (International):
 30 member nations from around the world, including the U.S.
 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, issued in 1980
 Eight driving principles:
1. Collection limitation principle.
2. Data quality principle.
3. Purpose specification principle.
4. Use limitation principle.
5. Security safeguards principle.
6. Openness principle.
7. Individual participation principle.
8. Accountability principle.