ISOL633 SIU Ch 9 Legal Regulation Compliance and Investigation Wiki Entry

Anonymous

Question Description

Create a Wiki entry on State Laws Protecting Citizens Information and Breach Notification Laws, Chapter 9, from recent news.

pleas find attachment for cheater 9.

APA format


Unformatted Attachment Preview

ISOL 633 Legal regulations, investigation and compliance Chapter 9 - Lesson 9 State Laws Protecting Citizen Information and Breach Notification Laws © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Learning Objective  Describe state legal compliance laws addressing public and private institutions. • State regulation of privacy and information security • State data breach notification • State encryption regulations • State data disposal regulations • History of state privacy protection laws Legal Issues in Information Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. CALIFORNIA NOTIFICATION LAW  California Database Security Breach Notification Act  First breach notification law  Enacted on July 1, 2003  Purpose to give California residents timely information to protect themselves  Serves as model for other states ChoicePoint Data Breach • ChoicePoint was a data broker • Databases contained public information and names, addresses, Social Security numbers, credit history, DNA information • Breach in late 2004; disclosed in February 2005, notified California residents • ChoicePoint data breach spurred creation of data breach notification laws in many states • 35 states began looking at breach notification laws in 2005 alone Legal Issues in Information Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. ChoicePoint Data Breach…Continued • Second violation in 2008 • Changes in internal security controls led to additional breaches for which company was not alerted to unauthorized access to data • Violations of the 2006 agreement Legal Issues in Information Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. California Breach Notification • Definition of Security Breach: Unauthorized acquisition of computerized data for which the confidentiality, security or integrity of the personal (unencrypted) information is compromised. • Definition of “Personal Information” is very broad under the California law. It could include a person’s name combined with SS#, Drivers’ license number, Account number, credit or debit card number, medical or health information, email address combined with password or answer to security question. Legal Issues in Information Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. CALIFORNIA NOTIFICATION LAW Who Must Comply? State agencies Nonprofit organizations Private organizations Business Any entity storing info on California residents California Breach Notification…continued • Caveat - The law applied to businesses located outside the state of California, as long as the information they were storing was of a California resident. • Trigger for notification: – When breach occurs – When company reasonably believes breach has occurred • When to notify? – Asap – Exceptions: To determine scope of breach and to allow law enforcement to conduct criminal investigation Legal Issues in Information Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. California Breach Notification • Type of Notification Required (as the law was amended in 2011) – – – – Written in plain language Include name and address of entity making notice List of information potentially compromised Facts about the breach including but not limited to dates of breach – Contact information for major credit card reporting agencies – Notification to the Attorney General when the breach affects more than 500 customers for a single breach • Exceptions to the written notice requirements Legal Issues in Information Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. California Breach Notification • What is the “safe harbor”? – Legal concept where a party can demonstrate that it took specific good faith actions to follow the law. – Properly encrypted data is a safe harbor when data breaches occur in spite in spite of encryption • Private causes of action exist under California lBreach notice laws Legal Issues in Information Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. DIFFERENCES IN DATA BREACH NOTIFICATION LAWS BETWEEN STATES  Activities that constitute a breach  Arizona uses two-part test  Ohio –material risk of theft or fraud  Entities covered by the law  Georgia –Applies to information brokers and exempts government agencies, applies to DIFFERENCES IN DATA BREACH NOTIFICATION LAWS BETWEEN STATES…CONTINUED  Time for notifying residents  California vague – Ohio – 45 days of discovery  Content of notice  Minimum encryption requirements  Undefined under California law. Compare to Indiana law  Civil and/or criminal penalties  Private Causes of Action  Allowed in California Breach Notification and Federal Legislation • No federal breach notification law exists today • State laws differ in the area of breach notification • Book’s hypothetical question of “what happens with state laws if a federal breach notification law is passed?” Legal Issues in Information Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Data-Specific Security and Privacy Regulations • Minnesota and Nevada – Require businesses to comply with Payment Card Industry standards • Indiana – Limits SSN use and disclosure Legal Issues in Information Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Encryption Regulations • Massachusetts – “Standards for the Protection of Personal Information of Residents of the Commonwealth” – Applies to data in paper and electronic form – Applies to any person that uses and stores personal information about a resident as a part of the sale of goods of services. – Requires the creation of an information security program similar to Gramm-Leach-Bliley – Requires encryption of personal information while stored on the entity’s system – Unique and controversial by attempting to regulate business outside its state Legal Issues in Information Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Encryption Regulations • Nevada – Standards-based Encryption – Data collectors must use encryption when transmitting personal information outside of their business network – Applies to data when stored and when transmitted – References and requires industry standards to be used for encryption – Federal Information Processing Standards issued by the NIST – Safe Harbor applies Legal Issues in Information Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Data Disposal Regulations • Washington – Record – any material that holds information in either electronic or paper form – Destroy means changing it to a form that is no longer readable or decipherable. (examples, shredding, erasing, or modifying) – Health and financial data must be destroyed when no longer needed – Law applies to any person or entity in the state – Allows private causes of action • New York – No person or business may dispose of a record containing “personal identifying information” without shredding, destroying, or modifying it – Record is any information held in any physical form, both paper and electronic Legal Issues in Information Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Thank you! • Questions? – Dr. Les Stovall – Leslie.Stovall@ucumberlands.edu Legal Issues in Information Security © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. ...
Purchase answer to see full attachment

Tutor Answer

Proff_White
School: Cornell University

Attached.

Running head: STATE LAWS PROTECTING CITIZENS INFORMATION

State Laws Protecting Citizens Information and Breach Notification Laws

Student’s name:
Institutional affiliation:

1

STATE LAWS PROTECTING CITIZENS INFORMATION

2

State Laws Protecting Citizens Information and Breach Notification Laws
The state of California is historically the first state to enact security breach notification
laws. The laws referred to as California notification law was signed into law in July, 2003. The
core purpose of the law was to help citizens get timely information regarding breaches, and thus
protect themselves from potential loss of data and finances. The California data breach
notification laws, together with the occurrence of the Choice Point data breach in 2004 sensitized
many states to look into data breach notification laws.
The laws are directed at protecting personal information from sabotage and misuse. The
core personal information that is targeted with the laws include a person’s name in combination
with driver’s license number, social security number, credit card number, bank account number,
medical informat...

flag Report DMCA
Review

Anonymous
Top quality work from this tutor! I’ll be back!

Anonymous
It’s my second time using SP and the work has been great back to back :) The one and only resource on the Interwebs for the work that needs to be done!

Anonymous
Thanks, good work

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors