ISOL633 Schiller International University Law Regulation Analysis


Description

You are to write a 4-page paper, using the same APA rules discussed at the residency, on a chapter of your choice (chapters 1 through 8). The topic should be your analysis of the law or regulation, the need for the law/regulation, and a recent example of the law/regulation in the media.

The title page and references do not count towards your page limit.

Unformatted Attachment Preview

ISOL 633 LEGAL REGULATIONS, INVESTIGATION, AND COMPLIANCE
Chapter 8 Federal Government Information Security and Privacy Regulations
Legal Issues in Information Security
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved.

KEY CONCEPTS
• Security challenges facing the federal government
• Federal government information security and privacy regulation
• Federal Information Security Management Act (FISMA)
• Office of Management and Budget (OMB)
• Other federal agency responsibilities
• Import and export laws for information technology

INFORMATION SECURITY CHALLENGES FACING THE FEDERAL GOVERNMENT
• Federal government is largest producer and user of information in U.S.
• Government computer systems hold:
  • Data critical for government operations
  • Employment, tax, and citizenship data
  • Data on businesses operating in the U.S.
  • Data that’s used to protect the U.S. from threats
• Federal IT systems and data in them are attractive targets for criminals
• Examples: Pentagon Fighter Jet Blueprints
  • USAJOBS
  • IRS
  • Passports, Green cards, Visas
  • National Security Information

A LITTLE HISTORY…LAWS GOVERNING INFORMATION SECURITY AND PRIVACY
• 1987 Computer Security Act (CSA)
• 2002 E-Government Act
  • Title III - Federal Information Security Management Act (FISMA)
• 2009 Cyberspace Policy Review
• 2013 Obama’s Executive Order on Cybersecurity

FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)
• Who must follow?
• What is definition of Information Security?
• Components:
  • Determine government agency information security responsibilities
  • Require annual independent review
  • Authorize NIST to develop information security standards
  • OMB Oversight – Now shared with DHS
  • Requires risk based approach for NSS
  • Created Federal Security Incident Response Center

FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA) (CONTINUED)
• Risk Assessment
• Inventory IT system/Update System
• Implement policies and procedures designed to reduce risk
• Implement plan for subsystems to support larger information security program
• Provide training for employees and subcontractors
• Annual testing
• Implement contingency plan for repairing weaknesses
• Implement procedure for responding to incidents of breach
• Implement business continuity plan

FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)
• Testing and Annual Review
• National Institute for Standards and Technology
• Chief Information Security Officer (CISO) required for ensuring compliance
• CyberScope

FEDERAL INFORMATION SECURITY MANAGEMENT ACT (FISMA)
• Who receives Agency Annual Report and Review Evaluation?
  • House of Representatives Oversight Committee
  • House of Representatives Science and Technology Committee
  • Senate Committee on Governmental Affairs
  • Senate Committee on Commerce, Science and Technology
  • Government Accounting Office
  • Congressional Subcommittee authorizing Agency existence

INSPECTOR GENERAL (IG)
• Inspector General Act of 1978
• Different IG for each Federal Government Agency
• Independent Audits
• Reports to Congress
• Reviews actions and ensures efficient operation and good practices
• Appointed either by President or by Agency Head depending on size of agency

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)
• Within the Department of Commerce
• Creates Standards for ALL Federal Agencies who DO NOT have NSS
• Categorize data and systems
• Guidelines for systems depending on category
• Creates minimum information security controls

NIST DOCUMENTS
• Federal Information Processing Standards (FIPS)
• Special Publications (SPs)

FISMA IMPLEMENTATION PROJECT
• Develop and update security standards to comply with FISMA
• Provide security reference materials to support the Risk Management Framework (RMF)
• Apply risk management-based approach to security controls

NIST RISK MANAGEMENT FRAMEWORK PROCESS
• Categorize IT systems
• Select security controls
• Implement security controls
• Assess security controls
• Authorize IT systems
• Continuously monitor security controls

FIPS 199 STANDARDS FOR CATEGORIZING FEDERAL INFORMATION AND INFORMATION SYSTEMS
• LOW: Loss of CIA has limited adverse effect on agency, its information and assets. Minor damage.
• MODERATE: Loss of CIA has serious adverse effect with significant damage to assets.
• HIGH: Loss of CIA has severe or catastrophic adverse effect with major damage to assets.

NIST DOCUMENTS
• FIPS 200 Minimum Security Requirements for Federal Information and Information Systems
• SP 800-53 Revision 4 Recommended Security and Privacy Controls

CENTRAL INCIDENT RESPONSE CENTER
• 1996 under direction of OMB/DHS
• Requirements:
  • Give Tech Support
  • Share info about security incidents
  • Inform agencies about potential threats
  • Consult with NIST and with agencies with NSS about security incidents

CENTRAL INCIDENT RESPONSE CENTER
• Reporting depending on category
• Categories 0-6
  • 0 – Network testing
  • 1 – Unauthorized Access
  • 2 – Denial of Services
  • 3 – Malicious Code
  • 4 – Improper Use
  • 5 – Scan, Probes and attempted access
  • 6 – Investigations

NATIONAL SECURITY SYSTEMS
• NSS – Those systems used for Intelligence activities, command and control of military forces, weapons and weapon control equipment, cryptography to protect national security, military and military intelligence, classified for defense and foreign policy
• Oversight – Committee on National Security Systems (CNSS)
  • 21 voting members

ACCESS CONTROL MODELS
• Discretionary Access Control (DAC)
  • Discretion of the owner
• Mandatory Access Control (MAC)
  • Security labels and classifications
• Role-Based Access Control (RBAC)
  • Job function or role

FEDERAL PRIVACY LAWS
• Privacy Act of 1974
  • Applies to Federal Government but not State and local governments
  • Definition of Record under this act
  • Exemptions (12)
  • SORN
  • OMB Oversight

FEDERAL PRIVACY LAWS
• E-Government Act of 2002
  • Review IT systems for privacy risks
  • Post privacy policies on website
  • Post machine readable privacy policies
  • Report privacy activities to OMB
  • PIA

OMB REQUIREMENTS FOR BREACH NOTIFICATION
• Review and reduce the volume of personally identifiable information stored
• Eliminate unnecessary use of SSNs
• Explore alternatives to using SSN as a personal identifier
• Develop policies and procedures for individuals who are authorized to access personally identifiable information

OMB BREACH NOTIFICATION
Breach Notification Plan:
• Determine if breach notification required
• Source of the notification
• Time for notification
• Contents of the notice
• Means of providing the notice
• Who gets the notice

REGULATORY REQUIREMENTS FOR THE IMPORT AND EXPORT OF INFORMATION TECHNOLOGY
• Department of Commerce
  • Export Administration Regulations (EAR)
  • Export Administration Act of 1979
  • Bureau of Industry and Security
  • Commerce Control List (CCL)
• Department of State
  • International Traffic in Arms Regulations (ITAR)
• Treasury Department
  • Office of Foreign Asset Control (OFAC)

REGULATORY REQUIREMENTS FOR THE IMPORT AND EXPORT OF INFORMATION TECHNOLOGY
• Export of Technology or Software
  • Release of technology or software subject to the EAR in a foreign country
  • Release of technology or source code subject to the EAR to a foreign national within the United States or outside
  • Transfer of source code
  • Inspection or oral communication of code
• Violations subject to civil penalties or denial of export privileges
• Willful violations subject to criminal penalties

THANK YOU
For Questions: Email: Leslie.Stovall@ucumberlands.edu

Legal Issues in Information Security
Lesson 1 Information Security Overview

Learning Objective
Recognize fundamental concepts of information systems security (ISS).
• Begin to think about the legal implications of ISS concepts and issues
• Definitions and general terms
• Concepts
• Classifications or types of information security
• Different levels of protection for various types of information

What is Information Security?
• Practice of protecting information
What is the primary goal of Information Security?
• To protect 3 aspects of information
  • Confidentiality
  • Integrity
  • Availability
What is a Triad?
• Grouping of three things we generally think about together as a unit

Key Concepts
• Confidentiality, integrity, and availability (C-I-A triad)
• Basic information system security concepts
• Risk analysis and mitigation
• Mechanisms for organizational information security
• Data classifications requiring specialized legal consideration

WHAT IS CONFIDENTIALITY?
• Preventing people who should not have access to data from obtaining it.
• Important at all phases
  • Creation of data
  • Manipulation, summarization, use
  • Analysis
  • Transmission
  • Destruction
• Breaches
  • Intentional
  • Accidental

WHAT IS INTEGRITY?
• Means systems and their data are accurate.

WHAT IS AVAILABILITY?
• Making sure the systems operate reliably and that data is accessible by people with permission when they need it.
• Ensures no bottlenecks or slowdowns and that data is available at peak times.
  • Single point of failure – Single piece of hardware or software critical to the entire system.

C-I-A Triad
[Figure]

Seven Domains of a Typical IT Infrastructure
[Figure]

Basic Risk Management Concepts
• Vulnerability ~ asset weaknesses
• Threats – Anything that has the potential to harm the system
• Threat Agents – Hackers and Malware
• Exploitation – Threats that are carried out
• Mitigation ~ safeguard assets
• Risks ~ The likelihood that a threat will be exploited. Some can be minimized by asset owner
• Safeguards ~ Implemented by an organization as controls used to reduce harm caused by vulnerability and threats.
  • Referred to as “risk mitigation”

Risk Management Process
[Figure; labels: Organization, Safeguard, Vulnerability, Threat Agent, Risk, Threat, Asset]

Roles in Risk Management
• Senior Management
• Chief Information Security Officer
• Information Technology Department
• Legal Department

Information Security Common Concerns
• Shoulder Surfing
• Social Engineering
• Phishing and Targeted Phishing Scams
• Malware
• Spyware and Keystroke Loggers
• Logic Bombs
• Back Doors
• Denial of Service Attacks

Information Security in Different Contexts
• Private – Harmful to organization if disclosed
  • High interest in confidentiality
• Public – No harm to organization through disclosure
  • High interest in availability

Data Classification
[Figure; column headings: Governmental Classification, General Corporate Classification; labels: Secret, Corporate Confidential, Client Confidential, Confidential, Proprietary, Top Secret, Restricted, Unclassified, Public]

Mechanisms for Ensuring Information Security
• Laws and Legal Duties
• Contracts
• Governance
• Voluntary Organizations

Legal Mechanisms to Ensure Information Security
• Laws
  • Gramm-Leach-Bliley Act, HIPAA, COPPA, FERPA and many others
• Information Regulations
  • Financial, credit card, health, etc.
• Agencies
  • FTC, Banks, DHHS, SEC, DOE, etc.

Thank you!
Please email questions and/or comments to Dr. Les Stovall Leslie.Stovall@ucumberlands.edu

ISOL 633 Legal Regulations, Investigations and Compliance
Chapter 2 – Lecture 2 Privacy Overview

Learning Objectives/Key Concepts
Examine the concept of privacy and its legal protections.
• Basic privacy principles
• Explain the difference between Information Security and Privacy
• Describes threats to privacy

Learning Objectives/Key Concepts Continued
• Explain important issues regarding workplace privacy
• General principles for privacy protection

What Is Privacy?
• A person has control of his or her personal data
• Control = a person can specify the collection, use, and sharing of their data
• Government’s power to interfere in the privacy of its citizens is limited

Examples of Private Information
• Financial information
• Health information
• Biometric data
• Personal Id. Information
• Other

Not All Information is private
• We would like to control every aspect of our life in terms of who has access to it.
• Not all information is private
  • Public records
  • Minutes of government meetings
  • Sex Offender Registration
  • Criminal records
  • Court Dockets
  • Pleadings

Security and Privacy
• Privacy is an individual’s right to control the use and disclosure of his or her own personal information
• Information security is a process used to keep data private.
• Security is the process and privacy is the result of the security process
• Privacy rights are individual rights

Sources of Privacy Law
• Constitutional Law
• Federal Laws
• State Laws
• Common Laws
  • Intrusion into Seclusion
  • Portrayal in a False Light
  • Appropriation of Likeness or Identity
  • Public Disclosure of Private Facts
• Voluntary Agreements

Federal Privacy Laws
• Census Confidentiality (1952)
• Freedom of Information Act (1966)
• Wiretap Act (1968, amended)
• Mail Privacy Statute (1971)
• Privacy Act (1974)
• Cable Communications Policy Act (1984)
• Electronic Communications Privacy Act (1986)
• U.S.A. PATRIOT Act (2001)
• Driver’s Privacy Protection Act (1994)
• E-Government Act (2002)

State Privacy Laws
• Ten state constitutions recognize a right to privacy: Alaska, Arizona, California, Florida, Hawaii, Illinois, Louisiana, Montana, South Carolina, and Washington
• State of New York was first state to write a right of privacy into its statutes
• Other states have recognized a right of privacy through case law
• Statutory or codified law and common (case) law

Threats to Personal Data Privacy: Technology-Based
• Spyware, Keystroke Loggers, and Adware
• Cookies, Web Beacons, and Clickstreams
• RFID and GPS Technologies
• Security Breaches

Threats to Personal Data Privacy: People-Based
• Phishing
• Social Engineering, Shoulder Surfing, and Dumpster Diving
• Social Networking Sites
• Online Data Gathering

Workplace Privacy and Monitoring
• Telephone and Voice Mail
• Video Surveillance
• Computer and Internet Use
• E-mail

General Principles for Privacy Protection in Information Systems
• GOOD: Active data collection
• AVOID: Passive data collection

Summary
• People no longer take privacy for granted
• People want control
• Complications caused by electronic communications
• Threats to privacy in the information age
• Organizations must respect a person’s individual right to privacy

Thank You for your interest and participation.
For questions email Dr. Les Stovall Leslie.stovall@ucumberlands.edu

ISOL 633 Legal Regulations, Investigations and Compliance
Chapter 3 The American Legal System

Learning Objective
• Identify the basic components of the American legal system.
• Explain different sources of law
• Explain what precedent is and its role
• Explain what is meant by regulatory authority
• Explain the difference between compliance and audit
• Describe how security, privacy and compliance work together

Components of the American Legal System
• Federal Government
  • Legislative
  • Executive
  • Judicial
• State Government

Bill of Rights
• 1789
  • Ratification of the United States Constitution
  • Supreme law of the land
  • All statutes measured against this document
• 1791
  • Discovered concepts missing from early documents
  • Modifications to the U.S. Constitution
  • Bill of Rights – first amendments to Constitution

Federal Government
• Executive Branch
• Legislative Branch
• Judicial Branch

LEGISLATIVE BRANCH OF FEDERAL GOVERNMENT (Article I, Section 8)
• Congress
  • Senate (100 total – two from each state)
    • 35 years of age, citizen 9 years, resident of state represented
  • House of Representatives (435 total)
    • 25 years of age, citizen 7 years, resident of congressional district represented
    • Congressional districts redrawn every 10 years
Powers
• Declare War
• Maintain Armed Forces
• Print money
• Regulate Commerce between states
• Other

LAW MAKING: HOW A BILL BECOMES LAW
• Drafted in either House or Senate
• Introduced to that Chamber (House or Senate)
• Special Committee reviews
  • Determines if needed
  • Votes and decides whether to send to full body for vote
• Passed in that chamber (either House or Senate)
• Once a version is passed in both chambers (House and Senate), reviewed and compromise
• Returned to each chamber for further revision and review
• Signed by Head of House – Speaker and by Head of Senate – President of Senate
• Goes to President – 10 days to sign or veto.
  • If he does neither in 10 days Bill passes as if he had signed
• If signed becomes “Act of Congress” or a Federal Law
• If vetoed by president still becomes law with 2/3 vote of both houses

EXECUTIVE BRANCH OF FEDERAL GOVERNMENT (Article II)
• Headed by President of United States
  • Natural Born Citizen, at least 35 years of age, resident of the United States for 14 years before date of election
Powers
• Enforce law of US
• Responsible for maintaining day to day operations of country
• Appoints Federal judicial, executive and administrative officers
• Appoints Cabinet members
• Negotiate and enter into treaties with other countries (ratified by Senate)
• Other

JUDICIAL BRANCH OF FEDERAL GOVERNMENT (Article III)
• US SUPREME COURT – HIGHEST COURT IN LAND
• 9 MEMBERS OF US SUPREME COURT
  • Nominated by President, confirmed by Senate
  • First Woman, 1981, Sandra Day O’Connor, nominated by President Reagan, served until 2006
  • Term – Life

STRUCTURE OF FEDERAL COURTS
COURTS OF LIMITED JURISDICTION
• Cases/Disputes with Issues of Federal Law
• Constitutional Law
• Complete Diversity (citizens of different states) and amount in controversy exceeds $75,000.00
TYPES OF JURISDICTION
• Original Jurisdiction
• Concurrent Jurisdiction
• Appellate Jurisdiction
Can be “Remanded” to State Courts under certain conditions
Can be “Removed” to Federal Court if wrongly filed in State Court

FEDERAL COURT SYSTEM IN THE UNITED STATES
• UNITED STATES SUPREME COURT
• APPELLATE COURTS (13 APPELLATE COURTS)
• US DISTRICT COURTS (94 US DISTRICT COURTS)

STATE COURTS
• Articles of Confederation – after American Revolution – DID NOT WORK!
• 1789 – US Constitution
• 1791 – Bill of Rights – First 10 Amendments to Constitution
• Branches of State Government – similar to Federal
  • Executive – Governor
  • Legislative – House of Representatives and Senate
  • Judicial
• Supremacy Clause in US Constitution
  • Conflicting Federal Law trumps State Law

STATE COURT SYSTEM IN THE UNITED STATES
• STATE SUPREME COURT
• STATE APPELLATE COURT
• CIRCUIT COURTS (number varies by state) (exact name varies by state)
• STATE DISTRICT COURTS (number varies by state) (exact name varies by state)

AMERICAN LEGAL SYSTEM
• Federal Courts
  • US District Courts
  • Appeals Courts
  • United States Supreme Court
• State Courts
  • District Courts
  • Circuit Courts
  • Court of Appeals
  • State Supreme Courts

Different Types of Laws
Law – Description
• Common Law – Values and customs
• Code Law – Written by Legislature
• Constitutional Law – Highest authority
• Civil Law – Individual complaints
• Criminal Law – Wrongs to society
• Administrative Law – Agency regulations
• Legal Precedent – Guidance from past
Code – lex scripta; common – lex non scripta
Statutory Construction
How is Louisiana State Law Different?

TYPES OF LAWS
• SUBSTANTIVE LAWS – subject matter
• PROCEDURAL LAWS – rules of the courts
  • Rules of Criminal Procedure (Fed and State)
  • Rules of Civil Procedure (Fed and State)
  • Family Court Rules of Practice and Procedure (State)
  • Supreme Court Rules (State)
• ADMINISTRATIVE LAWS
  • Follow Administrative procedures
• Burdens of Proof – Different depending on nature of case
  • Beyond a Reasonable Doubt
  • Clear and Convincing
  • Preponderance of Evidence

The Role of Precedent
• Doctrine of precedent
  • Courts look at decisions made in prior cases to determine appropriate resolution for new cases
• Also referred to as the doctrine of stare decisis
  • “To stand by things decided”
• Plessy v. Ferguson (1896)
• Brown v. Board of Education (1954)
• Payne v. Tennessee (1991)

Regulatory Authorities
• Federal government delegates some regulatory and enforcement functions to administrative agencies
• “Agency” is any governmental authority besides Congress and the courts
• President usually has responsibility for overseeing federal agencies
• Congress can create independent agencies that report directly to it
  • Example: Federal Trade Commission (FTC)

Difference Between Compliance and Audit
• Compliance is the action of following applicable laws and rules
• Audit is an evaluation and verification that certain objectives are met.
HOW DO SECURITY, PRIVACY AND COMPLIANCE FIT TOGETHER?
▪ Security – Practice of protecting information that ensures the CIA Triad
▪ Privacy – Individual’s right to control how his personal data is collected, used and shared
▪ Information Security – Makes sure personal privacy rights are protected
No comprehensive laws to protect privacy in all areas.

The End! Questions?
Dr. Les Stovall
leslie.stovall@ucumberlands.edu

ISOL 633 - Legal Regulations, Investigations and Compliance
Lesson 4 – Chapter 4
Security and Privacy of Consumer Financial Information

Learning Objective
▪ Describe legal compliance laws addressing how financial institutions protect the security and privacy of consumer financial information.

Key Concepts
• Financial institutions and the protection of information they collect
• Financial regulatory laws and government regulatory bodies
• The Gramm-Leach-Bliley Act and financial institutions
• The Federal Trade Commission Red Flags Rule
• Payment Card Industry Standards
Business Challenges Facing Financial Institutions
• Bear cost of consumer identity theft
• Company names and logos used in phishing scams
• Targets of hackers
• Must follow regulations designed to protect security and privacy of data they collect and use; rules place compliance burden on financial institutions

Types of Financial Institutions
• Savings and loan associations
• Finance companies
• Insurance companies
• Investment companies

Examples of Regulation/Definitions
• National Banking Act of 1864
• Bank Secrecy Act of 1970
• Bank Holding Company Act of 1956
• Gramm-Leach-Bliley Act
Definitions:
• Consumer
• Consumer Information
• Consumer Goods
• Consumer Services

Consumer Financial Information
• Name
• Social Security number
• Address/telephone number
• Driver’s license number
• Work history

Who Regulates Financial Institutions?

Federal Reserve System
• Created by Congress in 1913
• Central Bank of the US
• Bank for other banks
• Bank for Government
• Responsibilities?
• Structure and Organization
Structure of the Federal Reserve Continued
• 12 Regional Banks
• Each with 24 Branches
• Each with 12 member Board of Directors
• Function:
• Distribute Currency and coin between regions
• Supervise and review National Member Banks for Soundness
• Serve as bank for federal government
• Regulate State Chartered member banks
• Supervise Bank holding companies
• Supervise foreign banks operating in the US
• Supervise foreign activities of domestic member banks

Federal Deposit Insurance Corporation
• Banking Act of 1933
• Banking Act of 1935
• 5 member board of Directors
• 3 – Appt by President
• Comptroller of Currency
• Director of Consumer Financial Protection Bureau
• No more than 3 from any one political party
• 8 Regional Offices
• Purpose?
• Members?

National Credit Union Association
• Congress passed the Federal Credit Union Act of 1934
• Created Federally Chartered Credit Unions
• The NCUA was formed in 1970 to supervise and charter Federal Credit Unions
• What is a Credit Union?
• Cooperative – So what is a cooperative?
• Affiliates (members) pool their money together to make loans to each other
• Structure
• 3 member Board of Directors
• 5 regional offices
• NCUSIF

Office of the Comptroller of Currency (OCC)
• 1864 – National Banking Act
• Under the Department of Treasury
• Charters and Supervises National Banks and Federal Savings Associations (Thrifts)
Consumer Financial Protection Bureau (CFPB)
• 2010
• Focus is on Consumers
• Ensures that all consumers have access to financial products and services
• Services offered in a fair and competitive manner
• Examines financial institutions to ensure compliance
• Board of Directors
• 6 Divisions and number of advisory boards

FEDERAL TRADE COMMISSION (FTC)
• Independent Federal Agency – Congress 1914
• Oversee compliance with more than 46 different laws
• 5 Commissioners – 7 year term
• No More than 3 from any one political party
• 7 Regional offices
• Function

Federal Financial Institutions Examination Council
• Established in 1979 – by act of Congress
• Reports to Congress Annually
• Established by:
• Financial Institutions Regulatory and Interest Rate Control Act of 1978
• Composition of the Council:
• This body has 6 members comprised of:
• Chair of the FDIC
• Chair of NCUA
• Comptroller of the OCC
• Director of the CFPB
• Member of the Board of Governors of the FED
• Chair of the FFIEC State Liaison Committee
• DOES NOT REGULATE FINANCIAL INSTITUTIONS
Federal Financial Institutions Examination Council (FFIEC)
▪ Establish principles and standards for examination of federal financial institutions
▪ Develop uniform reporting system
▪ Conduct training for federal bank examiners
▪ Make recommendations regarding bank supervision matters
▪ Encourage adoption of uniform principles and standards by federal and state banks

FFIEC Continued
• Task Forces – 6 Under the direction of the FFIEC
• Consumer Compliance – Promotes a uniform approach to consumer protection laws
• Examiner Education – Oversees FFIEC examiner training.
• Information Sharing – Sharing of information among its members.
• Reports – Uniform financial reporting for members
• Supervision – Supervision and examination procedures
• Surveillance Systems – Develops Systems to Monitor the financial condition and the performance of financial institutions

The Gramm-Leach-Bliley Act (GLBA)
▪ The Financial Modernization Act of 1999
▪ Protects personal financial information held by financial institutions

Impacts of GLBA
• Allows banks, securities, and insurance companies to merge
• Financial activities include borrowing, lending, providing credit counseling, debt collection, and other activities
• Protects nonpublic personal information (NPI)
Nonpublic Personal Information (NPI)
• Social Security numbers
• Financial account numbers
• Credit card numbers
• Date of birth
• Name, address, and phone numbers when collected with financial data
• Details of any transactions or the fact that an individual is a customer of a financial institution

GLBA―Principal Parts
• Privacy Rule
• Safeguards Rule
• Pretexting

GLBA Privacy Rule
• Financial institutions may not share NPI with nonaffiliated third parties unless institution gives notice to consumer
• The notice must tell consumers about types of data the institution collects and how it uses that information
• Called a notice of privacy practices
• Consumers have chance to opt out of some data sharing
• Difference between Customer and Consumer
• Amended by Financial Services Regulatory Relief Act of 2006
• April 2010 – Model Privacy Notice form
GLBA Safeguard Rule
• Each agency must establish standards that:
• Protect the security and confidentiality of customer information
• Protect against threats to the security or integrity of customer information
• Protect against unauthorized access to or use of customer information that could result in harm to a customer

GLBA Pretexting Rule
• Pretexting
• Trying to gain access to customer information without proper authority; also known as social engineering
• Illegal to make false, fictitious, or fraudulent statements to a financial institution or its customers to get customer information
• Illegal to use forged, counterfeit, lost, or stolen documents to do the same thing
• Designed to stop identity theft

The Federal Trade Commission Red Flags Rule
▪ Fair and Accurate Credit Transaction Act of 2003 (FACTA)
▪ Identity Theft Red Flags Rule
▪ Applies to financial institutions and creditors with covered accounts
▪ What is a covered Account?
▪ Requirements?
▪ Oversight?

Red Flag Categories
• Suspicious Documents
• Suspicious Personal Identifying Information
• Notice of Identity Theft
• Unusual Account Activity
• Credit Reporting Agency Alerts

Red Flag Rules Continued…
• Written Identity Theft Prevention Program
• Detect, prevent and mitigate identity theft.
• Employee training
• Oversight
• Federal Reserve System
• FDIC
• OCC
• Enforcement
• $2,500.00
• No private right of action

Payment Card Industry (PCI) Data Security Standards (DSS)
▪ Safeguards and protects credit card data
▪ All merchants accepting credit cards must follow PCI DSS standards
▪ Single approach makes it easier for merchants to accept all cards

Payment Card Industry Security Standards Council
• Since 2006
• Comprised of Major Credit Card Companies
• MasterCard
• Visa
• American Express
• JCB International (Chase)
• Discovery
• NOT a government agency
• Purpose?
• Scope?
• Requirements?
• Oversight?

PCI DSS Controls and Rules
▪ Build and maintain a secure network
▪ Protect cardholder data
▪ Maintain a vulnerability management program
▪ Implement strong access control measures
▪ Regularly monitor and test networks
▪ Maintain an information security policy

How Effective Have these Measures Been?

Examples of Breaches:
• FTC vs. Nationwide Mortgage Group under GLBA
• Target self reporting credit card data breaches
• TJX – self reporting of credit card data breaches
• Neiman Marcus (retail). Between July and October 2013, the credit card information of 350,000 individuals was stolen, and more than 9,000 of the credit cards have been used fraudulently since the attack. Sophisticated code written by the hackers allowed them to move through company computers, undetected by company employees for months.
• Michaels (retail). Between May 2013 and January 2014, the payment cards of 2.6 million Michaels customers were affected. Attackers targeted the Michaels POS system to gain access to their systems.
• Yahoo! Mail (communications). The e-mail service for 273 million users was reportedly hacked in January 2015, although the specific number of accounts affected was not released.
• Aaron Brothers (retail). The credit and debit card information for roughly 400,000 customers of Aaron Brothers, a subsidiary of Michaels, was compromised by the same POS system malware.
• AT&T (communications). For two weeks in 2015, AT&T was hacked from the inside by personnel who accessed user information, including social security information.
• eBay (retail). Cyber attacks in late February and early March 2015 led to the compromise of eBay employee log-ins, allowing access to the contact and log-in information for 233 million eBay customers. eBay issued a statement asking all users to change their passwords.
• Bartell Hotels (hotel). The information for up to 55,000 customers was reportedly stolen between February and May, 2015.
• U.S. Transportation Command contractors (transportation). A Senate report revealed that networks of the U.S. Transportation Command’s contractors were successfully breached 50 times between June 2012 and May 2013. At least 20 of the breaches were attributed to attacks originating from China.
• J.P. Morgan Chase (financial). An attack in June was not noticed until August, 2015. The contact information for 76 million households and 7 million small businesses was compromised. The hackers may have originated in Russia and may have ties to the Russian government.
• Dairy Queen International (restaurant). Credit and debit card information from 395 Dairy Queen and Orange Julius stores was compromised by the Backoff malware in 2015.
• Snapsave (communications). Reportedly, the photos of 200,000 users were hacked from Snapsave, a third-party app for saving photos from Snapchat, an instant photo-sharing app, between 2014 and 2015.
• U.S. Investigations Services (services). U.S. Investigations Services, a subcontractor for federal employee background checks, suffered a data breach in August, 2015 which led to the theft of employee personnel information. Although no specific origin of attack was reported, the company believes the attack was state-sponsored.
• Community Health Services (health care). At Community Health Service (CHS), the personal data for 4.5 million patients were compromised between April and June, 2015. CHS warns that any patient who visited any of its 206 hospital locations over the past five years may have had his or her data compromised. The sophisticated malware used in the attack reportedly originated in China. The FBI warns that other health care firms may also have been attacked.
• UPS (services). Between January and August, 2014 customer information from more than 60 UPS stores was compromised, including financial data, reportedly as a result of the Backoff malware attacks.
• Defense Industries (defense). Su Bin, a 49-year-old Chinese national, was indicted for hacking defense companies such as Boeing. Between 2009 and 2013, Bin reportedly worked with two other hackers in an attempt to steal manufacturing plans for defense programs, such as the F-35 and F-22 fighter jets.
• Home Depot (retail). In 2015, cyber criminals reportedly used malware to compromise the credit card information for roughly 56 million shoppers in Home Depot’s 2,000 U.S. and Canadian outlets.
• Google (communications). Reportedly, 5 million Gmail usernames and passwords were compromised. About 100,000 were released on a Russian forum site. 2014-2015.
• Apple iCloud (technology). Hackers reportedly used passwords hacked with brute-force tactics and third-party applications to access Apple users’ online data storage, leading to the subsequent posting of celebrities’ private photos online. [It is uncertain whether users or Apple were at fault for the attack.] 2014-2015.
• Goodwill Industries International (retail). Between February 2013 and August 2014, information for roughly 868,000 credit and debit cards was reportedly stolen from 330 Goodwill stores. Malware infected the chain store through infected third-party vendors.
• SuperValu (retail). SuperValu was attacked between June and July, and suffered another malware attack between late August and September. The first theft included customer and payment card information from some of its Cub Foods, Farm Fresh, Shop ‘n Save, and Shoppers stores. The second attack reportedly involved only payment card data.
• Five Chinese hackers indicted. Five Chinese nationals were indicted for computer hacking and economic espionage of U.S. companies between 2006 and 2014. The targeted companies included Westinghouse Electric (energy and utilities), U.S. subsidiaries of SolarWorld AG (industrial), United States Steel (industrial), Allegheny Technologies (technology), United Steel Workers Union (services), and Alcoa (industrial).
• Unnamed public works (energy and utilities). According to the Department of Homeland Security, an unnamed public utility’s control systems were accessed by hackers through a brute-force attack on employees’ log-in passwords in 2015.
• Feedly (communications). In 2015, Feedly’s 15 million users were temporarily affected by three distributed denial-of-service attacks.
• Evernote (technology). In 2015, in the same week as the Feedly cyber attack, Evernote and its 100 million users faced a similar denial-of-service attack.
• P.F. Chang’s China Bistro (restaurant). Between September 2013 and June 2014, credit and debit card information from 33 P.F. Chang’s restaurants was compromised and reportedly sold online.

What are the Odds?
• According to the Bureau of Justice Statistics, 17.6 MILLION U.S. RESIDENTS EXPERIENCED IDENTITY THEFT IN 2014
• That is, about 7 percent of U.S. residents age 16 or older were victims of at least one incident of identity theft in 2014.
• The most common type of identity theft was the unauthorized misuse or attempted misuse of an existing account, experienced by 16.4 million persons. Victims may have experienced multiple types of identity theft. An estimated 8.6 million victims experienced the fraudulent use of a credit card, 8.1 million experienced the unauthorized or attempted use of existing bank accounts (checking, savings or other) and 1.5 million victims experienced other types of existing account theft, such as misuse or attempted misuse of an existing telephone, online or insurance account.
• Source: Victims of Identity Theft, 2014 (NCJ 248991), written by BJS statistician Erika Harrell. The report, related documents and additional information about the Bureau of Justice Statistics’ statistical publications and programs can be found on the BJS website at http://www.bjs.gov/.
WEB SITES
http://www.consumer.ftc.gov/articles/pdf-0119-guide-assisting-id-theftvictims.pdf
https://www.consumer.ftc.gov/articles/pdf-0094-identity-theftaffidavit.pdf
https://www.consumer.ftc.gov/articles/pdf-0009-taking-charge.pdf

THANK YOU!
Please email your questions to Dr. Les Stovall
Leslie.Stovall@UCumberlands.edu

Explanation & Answer

Attached.

Running Head: LAW REGULATION ANALYSIS

Law Regulation Analysis
Institutional Affiliation
Date

LAW REGULATION ANALYSIS
Privacy is an important aspect in the workplace and it should be respected given that it
brings out the understanding between the employer and the employee. There are examples of
private data such as finance, health, and biometric status. Various states have laws that protect
the employees’ privacy in their workplace. It’s of much importance to note that privacy is
protected by law as well as contract. Despite the fact that the employer provides working
material under their site, employees still have the right to privacy. Employers still ought to know
some information regarding the employee for things such as salary plus allowances making the
company’s task to be conducted swiftly. In addition to this, the employers can still balance their
interests in knowing the employee's information in that they guarantee to use as well as reveal
the information for proper use. Employers are much concerned about their management in their
workplace, thus making them monitor the employees (Voigt & Von dem Bussche, 2017). This can
be justified since their purpose is to prevent illegalities in the workplace. Some examples of these
illegalities are violence and theft of property, among others. The fact that managers have the
choice of monitoring their workers, and that it is justified at a given point, should not allow them to end
up treating all workers as suspects for doubting one of them. At a given time the production
decline of the company is of great importance to the employer as the employees use the
technology of the office in regard to personal matters. Due to this, th...

