Laws - US Flashcards
(25 cards)
CCCA
Comprehensive Crime Control Act 1984
- First enactment of computer crimes law
- Federal computers that process “sensitive information”
- Took care not to step on state-boundaries, laws
CFAA
Computer Fraud and Abuse Act 1986
- First law to implement penalties for creators of viruses, worms, etc
- Extended CCCA to all “federal interest computers”
- Includes financial institution computers
- Any use that impedes federal, financial…
- 1994 - Amendments
- Outlawed malware
- Now covers “inter-state” computers, not just “federal interest”
- Imprisonment regardless of intent
- Legal authority for victims to pursue civil actions
CSA
Computer Security Act 1987
- Mandating baseline security requirements for all federal agencies
- Gave remit to NIST, NSA
- Requires periodic training for all people involved in managing, operating federal systems with sensitive information
CALEA
Communications Assistance for Law Enforcement Act 1994
- Amended ECPA
* Telcos must comply with wiretap court orders
EcPA
Economic and Protection of Proprietary Information Act 1996
- Part of EEA 1996
- Extends the definition of property to include proprietary economic information.
- Theft of information = espionage.
- Theft no longer restricted to physical assets.
EEA
Economic Espionage Act 1996
- Gives true teeth to intellectual property rights of trade secret owners
HIPAA
Health Insurance Portability and Accountability Act 1996
- HMOs = Health Maintenance Organisations
- PHI = Protected Health Information
- Strict security measures around health records, and disclosure of those.
HITECH
Health Information Technology for Economic and Clinical Health Act 2009
- Amendment to HIPAA
- Federal mandating of data breach notification requirements to individuals affected.
- Extends obligations to BA = business associates
ECPA
Electronic Communications Privacy Act 1986
- Amended the Wiretap Statute of 1968
- Extends government restrictions on wire taps from telephone calls to include transmissions of electronic data by computer
- Added new provisions prohibiting access to stored electronic communications
USPA
Privacy Act 1974
- Establishes a Code of Fair Information Practice that governs the collection, maintenance, use, and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies.
- A system of records is a group of records under the control of an agency from which information is retrieved by the name of the individual or by some identifier assigned to the individual
GISRA
Government Information Security Reform Act 2000
- Amends PRA
- Places responsibility on individual agency leaders
- Continues to charge NIST and the NSA with security oversight for non-classified and classified data respectively
NIIPA
National Information Infrastructure Protection Act 1996
- Further amendments to CFAA
- Computers used in intl commerce
- Utilities - railroads, gas, power grids, telco etc
- Reckless acts = felony
COPPA
Children’s Online Privacy Protection Act 1998
- Demands on websites that cater to children or knowingly collect information from children
- Parental consent etc
NIIPA
National Information Infrastructure Protection Act 1996
- Part of EEA 1996
- Further amendments to CFAA
- Computers used in intl commerce
- Utilities - railroads, gas, power grids, telco etc
- Reckless acts = felony
GLBA
Gramm-Leach-Bliley Act 1999
- A “civil law”
- Financial institutions
- Relaxed rules on sharing information
- Introduced new rules to compensate
USA PATRIOT Act 2001
- Providing Appropriate Tools to Intercept and Obstruct Terrorism
- Amends CFAA
FISMA
Federal Information Security Management Act 2002
- Federal agencies must implement info security programme
- Extends to contractors also
- NIST responsible for guidelines
FERPA
Family Educational Rights and Privacy Act
- Gives parents
- Access to their child’s education records
- An opportunity to seek to have the records amended, and
- Some control over the disclosure of information from the records
ITADA
Identity Theft and Assumption Deterrence Act 1998
- Identity theft
- Makes it a federal crime to “knowingly transfer, possess, or use without lawful authority” any “means of identification”
- …alongside unlawful possession of identification documents
FOIA
Freedom of Information Act 1966
- A federal freedom of information law
- Allows for the full or partial disclosure of previously unreleased information and documents controlled by the United States government
UCITA
Uniform Computer Information Transactions Act 2000
- A model law (attempting to bring consistency across states)
- Allows a shrinkwrap license to override vendor’s liability for faults
- Only specifies a set of guidelines
- Has only been passed in two states, Virginia and Maryland
DMCA
Digital Millennium Copyright Act 2000
- Criminalises production and dissemination of technology, devices, or services intended to circumvent measures (commonly known as digital rights management or DRM)
- Implements the exemption from direct and indirect liability of Internet service providers and other intermediaries
- Does require that the ISP had nothing otherwise to do with the traffic (but has no geographical provisions)
- Implements two 1996 treaties of the World Intellectual Property Organization (WIPO)
SOX
Sarbanes-Oxley 2002
- Financial reporting of publicly traded company boards, management and public accounting firms
- Reaction to Enron, Arthur Andersen, WorldCom scandals