SOL633 Cumberlands Children Laws & Regulation on The Internet Paper

User Generated

cnegu801

Computer Science

SOL633

University of the Cumberlands

Description

You are to write a 4-page paper, using the same APA rules discussed at the residency, on a chapter of your choice (chapters 1 through 8). The topic should be your analysis of the law or regulation, the need for the law/regulation, and a recent example of the law/regulation in the media.

The title page and references do not count towards your page limit.

Unformatted Attachment Preview

Legal Issues in Information Security
Lesson 1: Information Security Overview
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved.

Learning Objective
Recognize fundamental concepts of information systems security (ISS).
• Begin to think about the legal implications of ISS concepts and issues
• Definitions and general terms
• Concepts
• Classifications or types of information security
• Different levels of protection for various types of information

What is Information Security?
• Practice of protecting information
What is the primary goal of Information Security?
• To protect 3 aspects of information
  • Confidentiality
  • Integrity
  • Availability
What is a Triad?
• Grouping of three things we generally think about together as a unit

Key Concepts
• Confidentiality, integrity, and availability (C-I-A triad)
• Basic information system security concepts
• Risk analysis and mitigation
• Mechanisms for organizational information security
• Data classifications requiring specialized legal consideration

WHAT IS CONFIDENTIALITY?
• Preventing people who should not have access to data from obtaining it.
• Important at all phases
  • Creation of data
  • Manipulation, summarization, use
  • Analysis
  • Transmission
  • Destruction
• Breaches
  • Intentional
  • Accidental

WHAT IS INTEGRITY?
• Means systems and their data are accurate.

WHAT IS AVAILABILITY?
• Making sure the systems operate reliably and that data is accessible by people with permission when they need it.
• Ensures no bottlenecks or slowdowns and that data is available at peak times.
  • Single point of failure – Single piece of hardware or software critical to the entire system.

C-I-A Triad (figure)

Seven Domains of a Typical IT Infrastructure (figure)

Basic Risk Management Concepts
• Vulnerability – asset weaknesses
• Threats – Anything that has the potential to harm the system
• Threat Agents – Hackers and Malware
• Exploitation – Threats that are carried out
• Mitigation – safeguard assets
• Risks – The likelihood that a threat will be exploited. Some can be minimized by asset owner
• Safeguards – Implemented by an organization as controls used to reduce harm caused by vulnerability and threats.
• Referred to as “risk mitigation”

Risk Management Process (diagram labels): Organization, Safeguard, Vulnerability, Threat Agent, Risk, Threat, Asset

Roles in Risk Management
• Senior Management
• Chief Information Security Officer
• Information Technology Department
• Legal Department

Information Security Common Concerns
• Shoulder Surfing
• Social Engineering
• Phishing and Targeted Phishing Scams
• Malware
• Spyware and Keystroke Loggers
• Logic Bombs
• Back Doors
• Denial of Service Attacks

Information Security in Different Contexts
Private – Harmful to organization if disclosed
• High interest in confidentiality
Public – No harm to organization through disclosure
• High interest in availability

Data Classification (diagram labels): Governmental Classification; General Corporate Classification; Secret; Corporate Confidential; Client Confidential; Confidential; Proprietary; Top Secret; Restricted; Unclassified; Public

Mechanisms for Ensuring Information Security
• Laws and Legal Duties
• Contracts
• Governance
• Voluntary Organizations

Legal Mechanisms to Ensure Information Security
• Laws
  • Gramm-Leach-Bliley Act, HIPAA, COPPA, FERPA and many others
• Information Regulations
  • Financial, credit card, health, etc.
• Agencies
  • FTC, Banks, DHHS, SEC, DOE, etc.

Thank you! Please email questions and/or comments to Dr. Les Stovall, Leslie.Stovall@ucumberlands.edu

ISOL 633 Legal Regulations, Investigations and Compliance
Chapter 2 – Lecture 2: Privacy Overview

Learning Objectives/Key Concepts
Examine the concept of privacy and its legal protections.
• Basic privacy principles
• Explain the difference between Information Security and Privacy
• Describe threats to privacy

Learning Objectives/Key Concepts Continued
• Explain important issues regarding workplace privacy
• General principles for privacy protection

What Is Privacy?
• A person has control of his or her personal data
• Control = a person can specify the collection, use, and sharing of their data
• Government’s power to interfere in the privacy of its citizens is limited

Examples of Private Information
• Financial information
• Health information
• Biometric data
• Personal Id. Information
• Other

Not All Information is Private
• We would like to control every aspect of our life in terms of who has access to it.
• Not all information is private
• Public records
• Minutes of government meetings
• Sex Offender Registration
• Criminal records
• Court Dockets
• Pleadings

Security and Privacy
• Privacy is an individual’s right to control the use and disclosure of his or her own personal information
• Information security is a process used to keep data private.
• Security is the process and privacy is the result of the security process
• Privacy rights are individual rights

Sources of Privacy Law
• Constitutional Law
• Federal Laws
• State Laws
• Common Laws
  • Intrusion into Seclusion
  • Portrayal in a False Light
  • Appropriation of Likeness or Identity
  • Public Disclosure of Private Facts
• Voluntary Agreements

Federal Privacy Laws
• Census Confidentiality (1952)
• Freedom of Information Act (1966)
• Wiretap Act (1968, amended)
• Mail Privacy Statute (1971)
• Privacy Act (1974)
• Cable Communications Policy Act (1984)
• Electronic Communications Privacy Act (1986)
• U.S.A. PATRIOT Act (2001)
• Driver’s Privacy Protection Act (1994)
• E-Government Act (2002)

State Privacy Laws
• Ten state constitutions recognize a right to privacy: Alaska, Arizona, California, Florida, Hawaii, Illinois, Louisiana, Montana, South Carolina, and Washington
• State of New York was first state to write a right of privacy into its statutes
• Other states have recognized a right of privacy through case law
• Statutory or codified law and common (case) law

Threats to Personal Data Privacy: Technology-Based
• Spyware, Keystroke Loggers, and Adware
• Cookies, Web Beacons, and Clickstreams
• RFID and GPS Technologies
• Security Breaches

Threats to Personal Data Privacy: People-Based
• Phishing
• Social Engineering, Shoulder Surfing, and Dumpster Diving
• Social Networking Sites
• Online Data Gathering

Workplace Privacy and Monitoring
• Telephone and Voice Mail
• Video Surveillance
• Computer and Internet Use
• E-mail

General Principles for Privacy Protection in Information Systems (diagram labels): GOOD; Active data collection; Passive data collection; AVOID

Summary
• People no longer take privacy for granted
• People want control
• Complications caused by electronic communications
• Threats to privacy in the information age
• Organizations must respect a person’s individual right to privacy

Thank You for your interest and participation. For questions email Dr. Les Stovall, Leslie.stovall@ucumberlands.edu

ISOL 633 Legal Regulations, Investigations and Compliance
Chapter 3: The American Legal System

Learning Objective
• Identify the basic components of the American legal system.
• Explain different sources of law
• Explain what precedent is and its role
• Explain what is meant by regulatory authority
• Explain the difference between compliance and audit
• Describe how security, privacy and compliance work together

Components of the American Legal System
• Federal Government
  • Legislative
  • Executive
  • Judicial
• State Government

Bill of Rights
1789
• Ratification of the United States Constitution
• Supreme law of the land
• All statutes measured against this document
1791
• Discovered concepts missing from early documents
• Modifications to the U.S. Constitution
• Bill of Rights – first amendments to Constitution

Federal Government (diagram labels): Executive Branch; Legislative Branch; Judicial Branch

LEGISLATIVE BRANCH OF FEDERAL GOVERNMENT (Article I, Section 8)
• Congress
• Senate (100 total – two from each state)
  • 35 years of age, citizen 9 years, resident of state represented
• House of Representatives (435 total)
  • 25 years of age, citizen 7 years, resident of congressional district represented
  • Congressional districts redrawn every 10 years
Powers
• Declare War
• Maintain Armed Forces
• Print money
• Regulate Commerce between states
• Other

LAW MAKING: HOW A BILL BECOMES LAW
• Drafted in either House or Senate
• Introduced to that Chamber (House or Senate)
• Special Committee reviews
  • Determines if needed
  • Votes and decides whether to send to full body for vote
• Passed in that chamber (either House or Senate)
• Once a version is passed in both chambers (House and Senate), reviewed and compromise
• Returned to each chamber for further revision and review
• Signed by Head of House – Speaker and by Head of Senate – President of Senate
• Goes to President – 10 days to sign or veto.
  • If he does neither in 10 days Bill passes as if he had signed
• If signed becomes “Act of Congress” or a Federal Law
• If vetoed by president still becomes law with 2/3 vote of both houses

EXECUTIVE BRANCH OF FEDERAL GOVERNMENT (Article II)
• Headed by President of United States
• Natural Born Citizen, at least 35 years of age, resident of the United States for 14 years before date of election
Powers
• Enforce law of US
• Responsible for maintaining day-to-day operations of country
• Appoints Federal judicial, executive and administrative officers
• Appoints Cabinet members
• Negotiate and enter into treaties with other countries (ratified by Senate)
• Other

JUDICIAL BRANCH OF FEDERAL GOVERNMENT (Article III)
• US SUPREME COURT – HIGHEST COURT IN LAND
• 9 MEMBERS OF US SUPREME COURT
• Nominated by President, confirmed by Senate
• First Woman, 1981, Sandra Day O’Connor, nominated by President Reagan, served until 2006
• Term – Life

STRUCTURE OF FEDERAL COURTS
COURTS OF LIMITED JURISDICTION
• Cases/Disputes with Issues of Federal Law
• Constitutional Law
• Complete Diversity (citizens of different states) and amount in controversy exceeds $75,000.00
TYPES OF JURISDICTION
• Original Jurisdiction
• Concurrent Jurisdiction
• Appellate Jurisdiction
Can be “Remanded” to State Courts under certain conditions
Can be “Removed” to Federal Court if wrongly filed in State Court

FEDERAL COURT SYSTEM IN THE UNITED STATES (diagram labels): United States Supreme Court; 13 Appellate Courts; 94 US District Courts

STATE COURTS
• Articles of Confederation – after American Revolution – DID NOT WORK!
• 1789 – US Constitution
• 1791 – Bill of Rights – First 10 Amendments to Constitution
• Branches of State Government – similar to Federal
  • Executive – Governor
  • Legislative – House of Representatives and Senate
  • Judicial
• Supremacy Clause in US Constitution
  • Conflicting Federal Law trumps State Law

STATE COURT SYSTEM IN THE UNITED STATES (diagram labels): State Supreme Court; State Appellate Court; Circuit Courts (number varies by state) (exact name varies by state); State District Courts (number varies by state) (exact name varies by state)

AMERICAN LEGAL SYSTEM
• Federal Courts
  • US District Courts
  • Appeals Courts
  • United States Supreme Court
• State Courts
  • District Courts
  • Circuit Courts
  • Court of Appeals
  • State Supreme Courts

Different Types of Laws
Law: Description
• Common Law: Values and customs
• Code Law: Written by Legislature
• Constitutional Law: Highest authority
• Civil Law: Individual complaints
• Criminal Law: Wrongs to society
• Administrative Law: Agency regulations
• Legal Precedent: Guidance from past
Code – lex scripta; common – lex non scripta
Statutory Construction
How is Louisiana State Law Different?

TYPES OF LAWS
• SUBSTANTIVE LAWS – subject matter
• PROCEDURAL LAWS – rules of the courts
  • Rules of Criminal Procedure (Fed and State)
  • Rules of Civil Procedure (Fed and State)
  • Family Court Rules of Practice and Procedure (State)
  • Supreme Court Rules (State)
• ADMINISTRATIVE LAWS
  • Follow Administrative procedures
• Burdens of Proof – Different depending on nature of case
  • Beyond a Reasonable Doubt
  • Clear and Convincing
  • Preponderance of Evidence

The Role of Precedent
• Doctrine of precedent
• Courts look at decisions made in prior cases to determine appropriate resolution for new cases
• Also referred to as the doctrine of stare decisis
• “To stand by things decided”
Plessy v. Ferguson (1896)
Brown v. Board of Education (1954)
Payne v. Tennessee (1991)

Regulatory Authorities
• Federal government delegates some regulatory and enforcement functions to administrative agencies
• “Agency” is any governmental authority besides Congress and the courts
• President usually has responsibility for overseeing federal agencies
• Congress can create independent agencies that report directly to it
• Example: Federal Trade Commission (FTC)

Difference Between Compliance and Audit
• Compliance is the action of following applicable laws and rules
• Audit is an evaluation and verification that certain objectives are met.

HOW DO SECURITY, PRIVACY AND COMPLIANCE FIT TOGETHER?
• Security – Practice of protecting information that ensures the C-I-A triad
• Privacy – Individual’s right to control how his personal data is collected, used and shared
• Information Security – Makes sure personal privacy rights are protected
No comprehensive laws to protect privacy in all areas.

The End! Questions? Dr. Les Stovall, leslie.stovall@ucumberlands.edu

ISOL 633 - Legal Regulations, Investigations and Compliance
Lesson 4 – Chapter 4: Security and Privacy of Consumer Financial Information

Learning Objective
▪ Describe legal compliance laws addressing how financial institutions protect the security and privacy of consumer financial information.

Key Concepts
• Financial institutions and the protection of information they collect
• Financial regulatory laws and government regulatory bodies
• The Gramm-Leach-Bliley Act and financial institutions
• The Federal Trade Commission Red Flags Rule
• Payment Card Industry Standards

Business Challenges Facing Financial Institutions
• Bear cost of consumer identity theft
• Company names and logos used in phishing scams
• Targets of hackers
• Must follow regulations designed to protect security and privacy of data they collect and use; rules place compliance burden on financial institutions

Types of Financial Institutions
• Savings and loan associations
• Finance companies
• Insurance companies
• Investment companies

Examples of Regulation/Definitions
• National Banking Act of 1864
• Bank Secrecy Act of 1970
• Bank Holding Company Act of 1956
• Gramm-Leach-Bliley Act
Definitions:
• Consumer
• Consumer Information
• Consumer Goods
• Consumer Services

Consumer Financial Information
• Name
• Social Security number
• Address/telephone number
• Driver’s license number
• Work history

Who Regulates Financial Institutions?

Federal Reserve System
• Created by Congress in 1913
• Central Bank of the US
• Bank for other banks
• Bank for Government
• Responsibilities?
• Structure and Organization

Structure of the Federal Reserve Continued
• 12 Regional Banks
• Each with 24 Branches
• Each with 12 member Board of Directors
• Function:
  • Distribute currency and coin between regions
  • Supervise and review National Member Banks for soundness
  • Serve as bank for federal government
  • Regulate State Chartered member banks
  • Supervise bank holding companies
  • Supervise foreign banks operating in the US
  • Supervise foreign activities of domestic member banks

Federal Deposit Insurance Corporation
• Banking Act of 1933
• Banking Act of 1935
• 5 member Board of Directors
  • 3 – Appointed by President
  • Comptroller of Currency
  • Director of Consumer Financial Protection Bureau
• No more than 3 from any one political party
• 8 Regional Offices
• Purpose?
• Members?

National Credit Union Association
• Congress passed the Federal Credit Union Act of 1934
• Created Federally Chartered Credit Unions
• The NCUA was formed in 1970 to supervise and charter Federal Credit Unions
• What is a Credit Union?
  • Cooperative – So what is a cooperative?
  • Affiliates (members) pool their money together to make loans to each other
• Structure
  • 3 member Board of Directors
  • 5 regional offices
• NCUSIF

Office of the Comptroller of Currency (OCC)
• 1864 – National Banking Act
• Under the Department of Treasury
• Charters and supervises National Banks and Federal Savings Associations (Thrifts)

Consumer Financial Protection Bureau (CFPB)
• 2010
• Focus is on Consumers
• Ensures that all consumers have access to financial products and services
• Services offered in a fair and competitive manner
• Examines financial institutions to ensure compliance
• Board of Directors
• 6 Divisions and number of advisory boards

FEDERAL TRADE COMMISSION (FTC)
• Independent Federal Agency – Congress 1914
• Oversee compliance with more than 46 different laws
• 5 Commissioners – 7 year term
• No more than 3 from any one political party
• 7 Regional offices
• Function

Federal Financial Institutions Examination Council
• Established in 1979 – by act of Congress
• Reports to Congress annually
• Established by:
  • Financial Institutions Regulatory and Interest Rate Control Act of 1978
• Composition of the Council:
  • This body has 6 members comprised of:
  • Chair of the FDIC
  • Chair of NCUA
  • Comptroller of the OCC
  • Director of the CFPB
  • Member of the Board of Governors of the FED
  • Chair of the FFIEC State Liaison Committee
• DOES NOT REGULATE FINANCIAL INSTITUTIONS

Federal Financial Institutions Examination Council (FFIEC)
▪ Establish principles and standards for examination of federal financial institutions
▪ Develop uniform reporting system
▪ Conduct training for federal bank examiners
▪ Make recommendations regarding bank supervision matters
▪ Encourage adoption of uniform principles and standards by federal and state banks

FFIEC Continued
• Task Forces – 6 under the direction of the FFIEC
  • Consumer Compliance – Promotes a uniform approach to consumer protection laws
  • Examiner Education – Oversees FFIEC examiner training.
  • Information Sharing – Sharing of information among its members.
  • Reports – Uniform financial reporting for members
  • Supervision – Supervision and examination procedures
  • Surveillance Systems – Develops systems to monitor the financial condition and the performance of financial institutions

The Gramm-Leach-Bliley Act (GLBA)
▪ The Financial Modernization Act of 1999
▪ Protects personal financial information held by financial institutions

Impacts of GLBA
• Allows banks, securities, and insurance companies to merge
• Financial activities include borrowing, lending, providing credit counseling, debt collection, and other activities
• Protects nonpublic personal information (NPI)

Nonpublic Personal Information (NPI)
• Social Security numbers
• Financial account numbers
• Credit card numbers
• Date of birth
• Name, address, and phone numbers when collected with financial data
• Details of any transactions or the fact that an individual is a customer of a financial institution

GLBA―Principal Parts
• Privacy Rule
• Safeguards Rule
• Pretexting

GLBA Privacy Rule
• Financial institutions may not share NPI with nonaffiliated third parties unless institution gives notice to consumer
• The notice must tell consumers about types of data the institution collects and how it uses that information
• Called a notice of privacy practices
• Consumers have chance to opt out of some data sharing
• Difference between Customer and Consumer
• Amended by Financial Services Regulatory Relief Act of 2006
• April 2010 – Model Privacy Notice form

GLBA Safeguard Rule
• Each agency must establish standards that:
  • Protect the security and confidentiality of customer information
  • Protect against threats to the security or integrity of customer information
  • Protect against unauthorized access to or use of customer information that could result in harm to a customer

GLBA Pretexting Rule
• Pretexting
  • Trying to gain access to customer information without proper authority; also known as social engineering
• Illegal to make false, fictitious, or fraudulent statements to a financial institution or its customers to get customer information
• Illegal to use forged, counterfeit, lost, or stolen documents to do the same thing
• Designed to stop identity theft

The Federal Trade Commission Red Flags Rule
▪ Fair and Accurate Credit Transaction Act of 2003 (FACTA)
▪ Identity Theft Red Flags Rule
▪ Applies to financial institutions and creditors with covered accounts
▪ What is a covered account?
▪ Requirements?
▪ Oversight?

Red Flag Categories
• Suspicious Documents
• Suspicious Personal Identifying Information
• Notice of Identity Theft
• Unusual Account Activity
• Credit Reporting Agency Alerts

Red Flag Rules Continued…
• Written Identity Theft Prevention Program
• Detect, prevent and mitigate identity theft.
• Employee training
• Oversight
  • Federal Reserve System
  • FDIC
  • OCC
• Enforcement
  • $2,500.00
  • No private right of action

Payment Card Industry (PCI) Data Security Standards (DSS)
▪ Safeguards and protects credit card data
▪ All merchants accepting credit cards must follow PCI DSS standards
▪ Single approach makes it easier for merchants to accept all cards

Payment Card Industry Security Standards Council
• Since 2006
• Comprised of Major Credit Card Companies
  • MasterCard
  • Visa
  • American Express
  • JCB International (Chase)
  • Discover
• NOT a government agency
• Purpose?
• Scope?
• Requirements?
• Oversight?

PCI DSS Controls and Rules
▪ Build and maintain a secure network
▪ Protect cardholder data
▪ Maintain a vulnerability management program
▪ Implement strong access control measures
▪ Regularly monitor and test networks
▪ Maintain an information security policy

How Effective Have these Measures Been?

Examples of Breaches:
• FTC vs. Nationwide Mortgage Group under GLBA
• Target self reporting credit card data breaches
• TJX – self reporting of credit card data breaches

• Neiman Marcus (retail).
Between July and October 2013, the credit card information of 350,000 individuals was stolen, and more than 9,000 of the credit cards have been used fraudulently since the attack. Sophisticated code written by the hackers allowed them to move through company computers, undetected by company employees for months.
• Michaels (retail). Between May 2013 and January 2014, the payment cards of 2.6 million Michaels customers were affected. Attackers targeted the Michaels POS system to gain access to their systems.
• Yahoo! Mail (communications). The e-mail service for 273 million users was reportedly hacked in January 2015, although the specific number of accounts affected was not released.
• Aaron Brothers (retail). The credit and debit card information for roughly 400,000 customers of Aaron Brothers, a subsidiary of Michaels, was compromised by the same POS system malware.
• AT&T (communications). For two weeks in 2015, AT&T was hacked from the inside by personnel who accessed user information, including social security information.
• eBay (retail). Cyber attacks in late February and early March 2015 led to the compromise of eBay employee log-ins, allowing access to the contact and log-in information for 233 million eBay customers. eBay issued a statement asking all users to change their passwords.
• Bartell Hotels (hotel). The information for up to 55,000 customers was reportedly stolen between February and May, 2015.
• U.S. Transportation Command contractors (transportation). A Senate report revealed that networks of the U.S. Transportation Command’s contractors were successfully breached 50 times between June 2012 and May 2013. At least 20 of the breaches were attributed to attacks originating from China.
• J.P. Morgan Chase (financial). An attack in June was not noticed until August, 2015.
The contact information for 76 million households and 7 million small businesses was compromised. The hackers may have originated in Russia and may have ties to the Russian government.
• Dairy Queen International (restaurant). Credit and debit card information from 395 Dairy Queen and Orange Julius stores was compromised by the Backoff malware in 2015.
• Snapsave (communications). Reportedly, the photos of 200,000 users were hacked from Snapsave, a third-party app for saving photos from Snapchat, an instant photo-sharing app, between 2014 and 2015.
• U.S. Investigations Services (services). U.S. Investigations Services, a subcontractor for federal employee background checks, suffered a data breach in August, 2015 which led to the theft of employee personnel information. Although no specific origin of attack was reported, the company believes the attack was state-sponsored.
• Community Health Services (health care). At Community Health Service (CHS), the personal data for 4.5 million patients were compromised between April and June, 2015. CHS warns that any patient who visited any of its 206 hospital locations over the past five years may have had his or her data compromised. The sophisticated malware used in the attack reportedly originated in China. The FBI warns that other health care firms may also have been attacked.
• UPS (services). Between January and August, 2014 customer information from more than 60 UPS stores was compromised, including financial data, reportedly as a result of the Backoff malware attacks.
• Defense Industries (defense). Su Bin, a 49-year-old Chinese national, was indicted for hacking defense companies such as Boeing. Between 2009 and 2013, Bin reportedly worked with two other hackers in an attempt to steal manufacturing plans for defense programs, such as the F-35 and F-22 fighter jets.
• Home Depot (retail). In 2015, cyber criminals reportedly used malware to compromise the credit card information for roughly 56 million shoppers in Home Depot’s 2,000 U.S. and Canadian outlets.
• Google (communications). Reportedly, 5 million Gmail usernames and passwords were compromised. About 100,000 were released on a Russian forum site. 2014-2015.
• Apple iCloud (technology). Hackers reportedly used passwords hacked with brute-force tactics and third-party applications to access Apple users’ online data storage, leading to the subsequent posting of celebrities’ private photos online. [It is uncertain whether users or Apple were at fault for the attack.] 2014-2015
• Goodwill Industries International (retail). Between February 2013 and August 2014, information for roughly 868,000 credit and debit cards was reportedly stolen from 330 Goodwill stores. Malware infected the chain store through infected third-party vendors.
• SuperValu (retail). SuperValu was attacked between June and July, and suffered another malware attack between late August and September. The first theft included customer and payment card information from some of its Cub Foods, Farm Fresh, Shop ‘n Save, and Shoppers stores. The second attack reportedly involved only payment card data.
• Five Chinese hackers indicted. Five Chinese nationals were indicted for computer hacking and economic espionage of U.S. companies between 2006 and 2014. The targeted companies included Westinghouse Electric (energy and utilities), U.S. subsidiaries of SolarWorld AG (industrial), United States Steel (industrial), Allegheny Technologies (technology), United Steel Workers Union (services), and Alcoa (industrial).
• Unnamed public works (energy and utilities). According to the Department of Homeland Security, an unnamed public utility’s control systems were accessed by hackers through a brute-force attack on employees’ log-in passwords. 2015
• Feedly (communications). In 2015, Feedly’s 15 million users were temporarily affected by three distributed denial-of-service attacks.
• Evernote (technology). In 2015, in the same week as the Feedly cyber attack, Evernote and its 100 million users faced a similar denial-of-service attack.
• P.F. Chang’s China Bistro (restaurant). Between September 2013 and June 2014, credit and debit card information from 33 P.F. Chang’s restaurants was compromised and reportedly sold online.

What are the Odds?
• According to the Bureau of Justice Statistics, 17.6 MILLION U.S. RESIDENTS EXPERIENCED IDENTITY THEFT IN 2014
• That represents about 7 percent of U.S. residents age 16 or older who were victims of at least one incident of identity theft in 2014.
• The most common type of identity theft was the unauthorized misuse or attempted misuse of an existing account, experienced by 16.4 million persons. Victims may have experienced multiple types of identity theft. An estimated 8.6 million victims experienced the fraudulent use of a credit card, 8.1 million experienced the unauthorized or attempted use of existing bank accounts (checking, savings or other) and 1.5 million victims experienced other types of existing account theft, such as misuse or attempted misuse of an existing telephone, online or insurance account.
• Source: Victims of Identity Theft, 2014 (NCJ 248991), was written by BJS statistician Erika Harrell. The report, related documents and additional information about the Bureau of Justice Statistics’ statistical publications and programs can be found on the BJS website at http://www.bjs.gov/.

WEB SITES
• http://www.consumer.ftc.gov/articles/pdf-0119-guide-assisting-id-theftvictims.pdf
• https://www.consumer.ftc.gov/articles/pdf-0094-identity-theftaffidavit.pdf
• https://www.consumer.ftc.gov/articles/pdf-0009-taking-charge.pdf

THANK YOU!
Please email your questions to Dr. Les Stovall, Leslie.Stovall@UCumberlands.edu

LEARNING OBJECTIVES
• DESCRIBE LAWS THAT PROTECT CHILDREN ON THE INTERNET AND LAWS THAT PROTECT INFORMATION OF CHILDREN IN EDUCATIONAL SETTINGS.

KEY CONCEPTS
• Protecting children on the Internet
• Family Educational Rights and Privacy Act (FERPA)
• Children’s Online Privacy Protection Act (COPPA)
• Children’s Internet Protection Act (CIPA)

CHALLENGES IN PROTECTING CHILDREN ON THE INTERNET
• Identification of children
• First Amendment and censorship
• Defining objectionable content

CHALLENGES TO IDENTIFYING CHILDREN…?
How can you protect Children if you can’t identify them?
• Requiring User Input.
• Requiring Payment for access to the site
• Parental Controls
• Parental Consent

BALANCE BETWEEN PROTECTING CHILDREN AND THE FIRST AMENDMENT
DOES THE FIRST AMENDMENT APPLY TO THE INTERNET?
FIRST AMENDMENT:
• CONGRESS SHALL MAKE NO LAW RESPECTING AN ESTABLISHMENT OF RELIGION, OR PROHIBITING THE FREE EXERCISE THEREOF; OR ABRIDGING THE FREEDOM OF SPEECH, OR OF THE PRESS; OR THE RIGHT OF THE PEOPLE PEACEABLY TO ASSEMBLE, AND TO PETITION THE GOVERNMENT FOR A REDRESS OF GRIEVANCES.
• YES. THE GOVERNMENT CANNOT RESTRICT AN ADULT’S ACCESS TO CONTENT ON THE INTERNET.

PROTECTING CHILDREN FROM OBSCENITY
Defining Obscenity:
• See Roth vs. US, 354 U.S. 476 (1957)
• See Miller v. California, 413 U.S. 15 (1973)
• See Jacobellis v. Ohio, 378 U.S. 184 (1964)
Work, taken as a whole, applying community standards
(1) Appeals predominantly to the prurient interests (Unwholesome, Lewd, vulgar, crude, Lustful, Lubricious, Lecherous, Salacious, Extrinsic, Pandemic, Imponderable, not part of the essential nature of someone)
(2) Depicts or describes sexual conduct in a patently offensive way as defined by applicable state law
(3) Lacks serious literary, artistic, political, or scientific value.

Jacobellis v. Ohio, 378 U.S. 184 (1964)
• JACOBELLIS V. OHIO, 378 U.S. 184 (1964), UNITED STATES SUPREME COURT 1964 QUESTION: COULD THE STATE OF OHIO BAN THE SHOWING OF THE LOUIS MALLE FILM THE LOVERS (LES AMANTS), WHICH THE STATE HAD DEEMED OBSCENE, WITHOUT VIOLATING THE FIRST AMENDMENT TO THE US CONSTITUTION.
• FACTS: NICO JACOBELLIS, MANAGER OF THE HEIGHTS ART THEATRE IN CLEVELAND HEIGHTS, OHIO, WAS CONVICTED AND FINED $2,500 FOR EXHIBITING THE FILM, AND HIS CONVICTION WAS UPHELD BY THE SUPREME COURT OF OHIO.
• THE U.S. SUPREME COURT REVERSED THE CONVICTION, RULING THAT THE FILM WAS NOT OBSCENE AND HENCE CONSTITUTIONALLY PROTECTED.

JACOBELLIS V. OHIO, 378 U.S. 184 (1964)
• FAMOUSLY, JUSTICE POTTER STEWART, CONCURRING THAT THE CONSTITUTION PROTECTS ALL OBSCENITY EXCEPT "HARD-CORE PORNOGRAPHY," WROTE OF PORNOGRAPHY, "I SHALL NOT TODAY ATTEMPT FURTHER TO DEFINE …(PORNOGRAPHY); AND PERHAPS I COULD NEVER SUCCEED IN INTELLIGIBLY DOING SO. BUT I KNOW IT WHEN I SEE IT, AND THE MOTION PICTURE INVOLVED IN THIS CASE IS NOT THAT."
• THE COURT'S OBSCENITY JURISPRUDENCE WOULD REMAIN FRAGMENTED UNTIL 1973'S MILLER V. CALIFORNIA. MANY LEGAL OBSERVERS FEEL THAT, AFTER MILLER, IT REMAINED CONFUSING AND VAGUE. WHAT IS OBSCENE IN ONE PLACE CAN WELL BE COMPLETELY LEGAL IN ANOTHER.

MILLER V. CALIFORNIA
• FACTS: IN 1971, MARVIN MILLER, AN OWNER/OPERATOR OF A CALIFORNIA MAIL-ORDER BUSINESS SPECIALIZING IN PORNOGRAPHIC FILMS AND BOOKS, SENT OUT A BROCHURE ADVERTISING FOR BOOKS AND A FILM THAT GRAPHICALLY DEPICTED SEXUAL ACTIVITY. FIVE OF THE BROCHURES WERE MAILED TO A RESTAURANT IN CALIFORNIA. THE OWNER AND HIS MOTHER OPENED THE ENVELOPE AND, SEEING THE BROCHURES, CALLED THE POLICE.
• MILLER WAS ARRESTED FOR VIOLATING CALIFORNIA LAW WHICH PROHIBITED THE POSSESSION, EXHIBITION, SALE OR DISTRIBUTION FOR SALE OF ANY OBSCENE MATTER.
• MILLER WAS TRIED IN ORANGE COUNTY, CALIFORNIA. THE JURY WAS INSTRUCTED TO EVALUATE THE EVIDENCE BY THE COMMUNITY STANDARDS OF CALIFORNIA. THE JURY RETURNED A GUILTY VERDICT.
• MILLER APPEALED, ARGUING THAT THE JURY INSTRUCTIONS DID NOT USE THE PRIOR STANDARD, WHICH APPLIED A NATIONAL STANDARD AND WHICH READ THAT THE MATERIAL MUST BE “UTTERLY WITHOUT REDEEMING SOCIAL VALUE.” THE COURT OF APPEALS AFFIRMED THE JURY VERDICT. MILLER THEN APPEALED TO THE CALIFORNIA SUPREME COURT, WHICH DECLINED TO REVIEW. MILLER APPLIED TO THE SUPREME COURT FOR CERTIORARI, WHICH WAS GRANTED.
• THE SUPREME COURT OPINED THAT WHAT MILLER WAS DISTRIBUTING WAS OBSCENE AND NOT PROTECTED BY THE FIRST AMENDMENT.

WHERE ARE WE TODAY?
Basic case law resulting from these cases:
• Obscenity is not protected by the First Amendment and thus can be regulated by the state, which must conform to the three-part test of Miller v. California
• (1) Whether the average person, applying contemporary community standards, would find that the work, taken as a whole, appeals to the prurient interest;
• (2) Whether the work depicts or describes, in an offensive way, sexual conduct or excretory functions, specifically defined by applicable state law; and
• (3) Whether the work, taken as a whole, lacks serious literary, artistic, political, or scientific value.

COPPA VS. COPA

CHILDREN’S ONLINE PRIVACY PROTECTION ACT
• Passed in 1998, effective 2000, revised in 2012
• Purpose: Governs how web sites collect information from children under the age of 13

CHILD ONLINE PROTECTION ACT
• Enacted in 1998, never became effective
• Purpose: Protect minors from access to harmful material on the internet.
• Ruled that COPA violated First Amendment free speech

COPPA CONTINUED…
Definition of:
• Child
• Parent
• Operator
• Personal Information
Two main rules:
• Must post privacy policy
• Must obtain parental consent
Who is regulated by COPPA-FTC
What is a web site or online service for purposes of COPPA? Website, mobile app, internet gambling site, advertiser, etc.

CHILDREN'S ONLINE PRIVACY PROTECTION ACT (COPPA)
• Notice of information practices on home page
• Notice at each area where personal information from children is collected
• Notice must be clearly written and understandable
• Notice may not include any unrelated or confusing materials
• Notification of parent is required
• Verifiable parental consent is required

COPPA CONTINUED…
Privacy Policy Must Contain:
• Operator Contact Information
• Notice of what information is collected
• Notice of how information is collected
• Notice of how the information will be used
• Notice of whether the information is disclosed to 3rd parties
• Assurance that participation is not conditioned on data collection
• Parental rights

COPPA CONTINUED…
GAINING PARENTAL CONSENT
• Take reasonable steps necessary to ensure that parent receives notice of the site's data collection practices
• Must have a way to verify that parental consent has been given
CONTENTS OF THE NOTICE:
• That site had collected parental contact information from child
• That parent’s consent is required to use, collect or disclose the child’s information.
• Disclose specific items of data operator wants to collect
• How parent can give verifiable consent

COPPA CONTINUED…
Verifiable consent
• Only by parent
• Verify identity of parent
• Re-notice when data collection changes
• May revoke consent
When is consent not required?
• When collecting an email address to respond to a one time request from a child
• When providing an initial notice to parent
• When collection is of the child’s name and online contact information to protect security of the site

COPPA CONTINUED…
How can you verify parental consent?

CIPA REQUIREMENTS
Schools and libraries must
• Use technology filter protection measures
• Protect against access to harmful visual depictions: offensive content is a visual depiction that is obscene, child pornography or harmful to minors
• Adopt and enforce a policy to monitor the online activities of minors
Minors are those 17 years of age or less

CIPA …
• BLOCK OFFENSIVE CONTENT
  • OBSCENE
  • CHILD PORNOGRAPHY
  • HARMFUL TO MINORS
    • TAKEN AS A WHOLE AND WITH RESPECT TO MINORS, APPEALS TO A PRURIENT INTEREST IN SEX, NUDITY OR EXCRETION
    • DEPICTS, DESCRIBES OR REPRESENTS IN A PATENTLY OFFENSIVE WAY WITH RESPECT TO MINORS AN ACTUAL OR SIMULATED SEX ACT OR SEXUAL CONTACT, OR LEWD EXHIBITION OF THE GENITALS
    • TAKEN AS A WHOLE LACKS SERIOUS LITERARY, ARTISTIC, POLITICAL OR SCIENTIFIC VALUE AS TO MINORS
• E-RATE REQUIREMENTS
  • TECHNOLOGY TO FILTER VISUAL CONTENT (TPM)
  • INTERNET SAFETY POLICY

PROXY SERVER USED FOR CONTENT FILTERING

CIPA CONTINUED…
• INTERNET SAFETY POLICY
• EXCEPTIONS
• FEDERAL COMMUNICATIONS COMMISSION IS RESPONSIBLE FOR OVERSIGHT OF CIPA.
• VIOLATIONS: PENALTIES INCLUDE REPAYING FUNDING AND SOMETIMES CRIMINAL SUIT

WHERE DO COPPA AND CIPA APPLY?
• Commercial Web sites
• Online services
• Educational institutions
• Libraries

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT
• GOAL: protection of student educational records
• SCOPE: "schools" that accept direct or indirect federal funding
• REQUIREMENTS: notification, access, amendment and disclosure

FERPA…
• Student PII definitions
• Attendance
• Education record

FERPA CONTINUED…
Four main requirements
• Annual Notification by any means reasonably likely to inform
• Access to Education Records
• Amendment of education records
• Disclosure of Education Records: Must be by written consent to release.
• Exception
• Oversight – Family Policy Compliance Office of US DOE

SCHOOL DISCLOSURE EXCEPTIONS IN FERPA
• Other schools to which a student is transferring
• School officials with legitimate educational interest
• Appropriate parties in connection with financial aid to a student
• In response to court order or subpoena
• To aid in an emergency
• Post-secondary schools: Can disclose PII of a student over age 18 to that student’s parents if student is a dependent for U.S. federal tax purposes

DIRECTORY INFORMATION
• Name
• Address
• Telephone Number
• Date/Place of Birth
• Honors/Awards
• Dates of Attendance

CRITICAL ASPECTS OF FERPA
• Right to inspect and review
• Right to correct records
• Parental written permission required

SUMMARY
• Protecting children on the Internet
• Family Educational Rights and Privacy Act (FERPA)
• Children’s Online Privacy Protection Act (COPPA)
• Children’s Internet Protection Act (CIPA)

THANK YOU!
• QUESTIONS? EMAIL ME AT SANDRA.REEVES@UCUMBERLANDS.EDU

Explanation & Answer

Attached.

Running head: CHILDREN LAWS AND REGULATION ON INTERNET

Children laws and regulation on the internet
Student Name
Name of Institution
Course

Children laws and regulation on the internet
Introduction
Children protection is the concept that most of the government organizations have been
focusing on in order to promote the development of a nation. In addition, children protection
should aim at enhancing a peaceful life for the young generation throughout their lives.
Therefore, all countries have presented several laws and regulations to protect children. In
general, most of the children laws are meant to protect children from violence, exploitation as
well as child abuse. The exploitation of the children is highly opposed by all governments,
especially in the US.
There are various efforts that are outlined by the federal government as well as the Congress
in an attempt to formulate more laws to protect the younger generation. There is also the
establishment of children protection systems that are designed to govern how the rules governing
children are enacted. The European commission body presented detailed research concerning the
categories of children who need help. The groups include child victims of trafficking,
children with disabilities, street children, children in police custody as well as children who are
victims of sexual abuse and exploitation.
The children’s online privacy protection act (COPPA)
The children online privacy protection act was a law enacted by the US Congress in 2000
in order to address the concerns about children accessibility to absence as well as harmful
information over the internet programs. The acts present the requirements as well as guidelines
on school as well as libraries that obtain specific payment due to the utilization of int...

