Uncategorized Flashcards
P&DP
Privacy & Data Protection
OECD
Organization for Economic Cooperation and Development
Privacy and Security Guidelines — aim to protect privacy globally through a practical, risk-management-based approach
OECD principles
- Collection limitation
- Data quality
- Purpose specification
- Use limitation
- Security Safeguards
- Openness
APEC
Asia-Pacific Economic Cooperation
Privacy Framework — ensures the free flow of information and the open conduct of business within the region while protecting privacy (but not as stringently as the EU)
EU — GDPR Principles
- Consent
- Transfer abroad
- The right to be forgotten
- Establishing the role of the data protection officer
- Access requests
- Home state regulation
- Increased sanctions
opt-in
Opt-out by default; the individual must take action to opt in before data collection.
PCI-DSS
Levels 2-4: self-audit
Level 1: formal audit; more than 6 million transactions per year
Contract vs. law: PCI-DSS falls under contract -> civil law -> tort; non-compliance leads to a civil suit
PCI-DSS 12 requirements
- Build & maintain a firewall
- Do not use vendor-supplied defaults
- Protect stored cardholder data (never store the CCV/CVV)
- Encrypt transmission of cardholder data over public networks
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Restrict access to cardholder data on a need-to-know basis
- Use unique user IDs for everyone who has access to cardholder data
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Test security systems
- Maintain an information security policy
preponderance of evidence
More than 50% likelihood; the standard of proof in a civil lawsuit
EAR - Export Administration Regulations
Department of Commerce
Covers the export and import of most commercial goods
ITAR - International Traffic in Arms Regulations
Department of State
Covers the export and import of defense-related articles