IS3350 CHAPTER 9 Flashcards Preview


Flashcards in IS3350 CHAPTER 9 Deck (18)
1

A law that requires that state residents be notified if an entity experiences a security breach that compromises their personal data is called ___?

BREACH NOTIFICATION LAW

2

The materials generated while creating laws. It includes committee reports and hearings. It also includes transcripts of debate and reports issued by legislatures. It is reviewed to help determine what a legislature intended when it created a law and is called ___?

LEGISLATIVE HISTORY

3

A legal concept that protects an entity from liability if it follows the law is called a ___?

SAFE HARBOR

4

1. The ChoicePoint data breach was the triggering event that caused many states to create data protection laws.
TRUE OR FALSE

TRUE

5

2. California's breach notification law went into effect in ___.

2003

6

3. Most states define personal information as NAME and which of the following elements?

1. Date of birth
2. Address
3. Phone number
4. Social Security number
5. None of the above

Social Security number

7

4. An encryption safe harbor is ___.

A legal concept that protects an entity from liability if it follows the law

8

5. What is a state breach notification law?

1. A law that requires that residents be notified if a dam breaks
2. A law that requires residents be notified if a business has a security breach that compromises their personal data
3. A law that requires that residents be notified if a business has a security breach that compromises the business's confidential data
4. A law that requires that businesses be notified if a government has a security breach that compromises the business's confidential data
5. None of the above

A law that requires residents be notified if a business has a security breach that compromises their personal data

9

6. Which types of entities are sometimes excluded from breach notification laws?

1. GLBA financial institutions
2. HIPAA covered entities
3. Out-of-state businesses
4. 1 & 2 only
5. 1, 2, & 3

GLBA financial institutions
&
HIPAA covered entities

10

7. What is NOT a business day?

1. An official workday
2. A day of the week that includes Monday through Friday
3. Memorial Day
4. Tuesday
5. None of the above

Memorial Day

11

8. "Clear and conspicuous" notice means that ___.

A person must be able to easily understand it.

12

9. Which states allow data breach notification to be given by telephone?

1. California
2. Colorado
3. North Carolina
4. 1 & 2
5. 2 & 3

Colorado
&
North Carolina

13

10. What technology standards are permitted under the Nevada encryption law?

1. PCI DSS
2. SO 1799
3. NIST
4. FTC
5. HIPAA

NIST

14

11. Which states have required businesses to follow all, or part, of the PCI DSS?

1. Minnesota
2. Nevada
3. California
4. 1 & 2
5. 1 & 3

Minnesota
&
Nevada

15

12. A private cause of action is ___.

A legal concept that describes a person's right to sue another for harm that the latter caused.

16

13. If the US Congress creates a federal breach notification law, what happens to state laws?

1. They are no longer valid
2. They are still valid as long as they are stricter than federal law
3. They are still valid in their original form
4. They are still valid so long as they are weaker than federal law
5. None of the above

They are no longer valid

17

14. What is the purpose of legislative history?

1. To help determine which laws to abolish
2. To help decide how to create new laws
3. To help determine how old a law is
4. To help determine what a legislature intended when it created a law
5. None of the above

To help determine what a legislature intended when it created a law

18

15. What is one of the biggest differences between civil and criminal law?

1. The amount of fines
2. Whether a person can be sentenced to prison
3. How long the offense stays on your criminal record
4. The type of judge that hears the case
5. The color of the prison jumpsuits

Whether a person can be sentenced to prison