CSCI 2201: Chapter 6 Laws & Regulations Flashcards
(29 cards)
What does the USA PATRIOT Act stand for?
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (the Computer Fraud and Abuse Act, CFAA, is a separate statute)
What is the USA PATRIOT Act applied to?
Computing and computer-related issues (among other areas)
True or False: Information security, privacy, HR, and legal departments work closely with each other to handle any law violations
True
European Union (EU) Data Protection Directive (Directive 95/46/EC) (since 2018 replaced by the General Data Protection Regulation, GDPR):
Protects individuals' personally identifiable information (PII)
Much more stringent than current US requirements
Thus, if a US company stores data on EU citizens in the United States, it must still comply with EU law
Regulatory Compliance is…
very specific to the industry in which a given company or organization is OPERATING and how it is STRUCTURED
An important detail about Industry Compliance is that…
Industries may have compliance requirements that are not mandated by law but by contract or by an industry body (for example, PCI DSS for payment card data)
Privacy-related Information for E-commerce:
name, address, social security number, phone number, e-mail address, mobile device information, IP address, MAC address, and any number of other similar points of data
Privacy-related Information for financial institutions or schools:
date of birth, information on dependants, credit history, previous residences, sample of a signature
The unauthorized exposure of _______ information can be very harmful
privacy-related personal information
What are the penalties for unauthorized exposure of personal information?
lawsuits, reputational damage, fines from regulators, and a number of other expenses. For a large breach, the cost of mitigation can be high
The dictionary definition of privacy is…
“The state or condition of being free from being observed or disturbed by other people”
InfoSec Example of the concept of privacy:
There are federal, state, local, and tribal laws that govern what can be done or recorded
We have to follow these laws if we have, e.g., cameras as part of our security infrastructure
According to the US Federal Privacy Act (Privacy Act of 1974), the first privacy right is:
First: it requires government agencies to show an individual any records kept on him or her
According to the US Federal Privacy Act, the second privacy right is:
Second: it requires agencies to follow certain principles, called ‘fair information practices,’ when gathering and handling personal data
According to the US Federal Privacy Act, the third privacy right is:
Third: it places restrictions on how agencies can share an individual’s data with other people and agencies
According to the US Federal Privacy Act, the fourth privacy right is:
Fourth: it lets individuals sue the government for violating its provisions
Large businesses operating across all states, like Amazon, need to ensure…
compliance with all state and federal laws
Example of sensitive data:
name, address, social security number, payment card data, date of birth, e-mail address, phone numbers, IP addresses, MAC addresses, operating system and application information, mobile device information, biometric data
A social media company may not treat any of this information as sensitive; rather, users may sign an agreement that…
their data is open
Computing security laws and regulations may vary across…
geographical locations
______________ might affect businesses and organizations
Regulatory compliance and industry compliance
Privacy issues may come into play when…
conducting business (e.g., collecting, storing, or recording personal information)
Which of the following departments must work together to take care of any law violations?
a. Security
b. HR
c. Legal department
d. All of the above
d. All of the above
Regulatory compliance in a specific company depends highly on ______
a. Its operations and structures
b. Its policies and regulations
c. Its Incident Response Plan and data policies
d. Its logging and data validation
a. Its operations and structures