ISOL633 GGU Lesson 6 Scope of Your State's Data & Security Breach Notification Law

User Generated

zngurjhue

Computer Science

ISOL633

Description

  1. On your local computer, create the lab deliverable files.
  2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps.
  3. Currently, 47 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands have data and security breach notification laws that define what organizations must do if they have had data or security breached that impact citizen privacy data. The National Conference of State Legislatures (NCSL) Web site tracks and organizes telecommunication and information technology state legislation. Review the NCSL Web site and data and security breach notification laws for each state listed at http://www.ncsl.org/IssuesResearch/Telecommunicati... eachNotificationLaws/tabid/13489/Default.aspx.
  4. Scroll down the list of states and find the state of Virginia.
  5. Click the Va. Code § 18.2-186.6 link.
  6. Review the “Breach of personal information notification” law.

Unformatted Attachment Preview

47 Lab #6 - Assessment Worksheet Identifying the Scope of Your State’s Data and Security Breach Notification Law Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview In this lab, you reviewed the data security breach notification laws for your state and you assessed the scope and depth of the privacy protection rights of a citizen in your state. Lab Assessment Questions & Answers 1. Were you successful in finding your state’s data and security breach notification law? Specify the name of the law. If you were unable to download your state’s law, use the state of Virginia to complete the question. 2. What is the purpose of state governments imposing a breach notification law on organizations to protect their citizens? 3. Explain how state government data security breach notification laws relate to individual privacy. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual 48 | LAB #6 Identifying the Scope of Your State’s Data and Security Breach Notification Law 4. Assess the scope and depth of privacy protection rights that a citizen has by being a resident of a state. Write down the name of your state, and then identify the following for your state’s breach notification law: • Who or what does the law in your state protect? • Does the law include both for profit and nonprofit organizations? • Does the law have a financial penalty assessed to the negligent party if proven guilty? • Does your state require the organization to publicly announce a breach to the media? • Does your state notification law take into account encrypted data or doesn’t it matter whether the data is encrypted or not encrypted? • Does your state’s law define the amount of time an organization has to publicly announce that a breach has occurred? If yes, specify the time. If no, describe how your state handles this. 5. True or false: If you are a citizen in one state but the company that had a data and security breach with your privacy data resides in another, the company must adhere to the data and security breach notification law of your home state. 6. Because most states have data and security breach notification laws related to their citizens’ privacy, what is the number one reason for having these laws from a citizen protection perspective? 7. Some states define a data and security breach as the loss and exposure of citizen privacy data in an unencrypted manner. If a state encountered a data and security breach, but no citizen’s privacy data was compromised given that it was encrypted in a steady-state within a database, does the company or organization have to abide by the data and security breach notification law? 8. True or false: Unauthorized access to a system must occur for the data and security breach notification law to take precedence. Lab #6 Identifying the Scope of Your State’s Data and Security Breach Notification Law Introduction The United States does not have a unified data privacy law at the national level as, for example, many countries in Europe do. Laws such as the Health Insurance Portability and Accountability Act (HIPAA) and Gramm-Leach-Bliley Act (GLBA) are comprehensive and effective, but only protect consumers in a single industry. So, what if an individual’s private data is subjected to a security breach not covered by HIPAA or GLBA? Without an overarching federal mandate in effect, a company that discovered its data had been compromised is not compelled to notify all the affected individuals. Notification, and possible liability to provide identity theft protection, comes only in laws including mandated security breach notifications. To bridge the gap in privacy protection, most states have enacted their own privacy laws. With the help of the Internet, you can research these gaps and find out what your state does to protect your privacy. For instance, the purpose of the National Conference of State Legislatures (NCSL) is, according to its Web site, to provide “access to current state and federal legislation and a comprehensive list of state documents, including state statutes, constitutions, legislative audits, and research reports.” In this lab, you will review the data security breach notification laws for your state and you will assess the scope and depth of the privacy protection rights of a citizen in your state. Learning Objectives Upon completing this lab, you will be able to: Relate state government data security breach notification laws to individual privacy. Explain why state governments have data security breach notification laws. Find a specific state’s data and security breach notification law. Download a copy of a specific state’s data and security breach notification law. Assess the scope and depth of the privacy protection rights of a citizen of any particular state. 42 43 Deliverables Upon completion of this lab, you are required to provide the following deliverables to your instructor: 1. Lab Report file; 2. Lab Assessments file. Instructor Demo The Instructor will present the instructions for this lab. This will start with a general discussion about privacy law and how state governments implement data and security breach notification laws to inform their citizens that their privacy data has been compromised. The Instructor will then demonstrate the National Conference of State Legislatures (NCSL) Web site where a complete listing of data and security breach notification laws for 47 states as well as the District of Columbia, Guam, Puerto Rico, and the Virgin Islands are listed (three states have not passed legislation as of April 2014): http://www.ncsl.org/IssuesResearch/TelecommunicationsInformationTechnology/SecurityBreach NotificationLaws/tabid/13489/Default.aspx Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual 44 | LAB #6 Identifying the Scope of Your State’s Data and Security Breach Notification Law Hands-On Steps Note: This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files. 1. On your local computer, create the lab deliverable files. 2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps. 3. Currently, 47 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands have data and security breach notification laws that define what organizations must do if they have had data or security breached that impact citizen privacy data. The National Conference of State Legislatures (NCSL) Web site tracks and organizes telecommunication and information technology state legislation. Review the NCSL Web site and data and security breach notification laws for each state listed at http://www.ncsl.org/IssuesResearch/TelecommunicationsInformationTechnology/SecurityBr eachNotificationLaws/tabid/13489/Default.aspx. 4. Scroll down the list of states and find the state of Virginia. 5. Click the Va. Code § 18.2-186.6 link. 6. Review the “Breach of personal information notification” law. Reading Codified Law If reading law text makes your eyes hurt, you are not alone. Legal text is jokingly known to be challenging to read, let alone understand. Statutory law is rarely written in a narrative form. Instead, it is very structured, if not formulaic. To make matters worse, a whole section might exist simply to explain a single prior word, for example, “redact” in the case of Va. Code § 18.2-186.6. This codified law is very structured and organized, laid out logically in nested divisions just as a software developer would develop “code.” The increasingly narrow divisions start from the top as Titles, Chapters, Parts, Sections, Paragraphs, and down to Clauses. Each of those divisions can be broken into subdivisions, for example, a Paragraph of three Subparagraphs, with one Subparagraph containing 10 Clauses. Laws are broken down this way on purpose, to provide the reader clear, and clearer, definitions of a narrow topic. The best approach is to be aware of the numbering to know when you going deeper into a definition, or rising back out of one. 7. In your Lab Report file, explain how state government data security breach notification laws relate to individual privacy. 45 Note: Virginia has two breach notification laws, the first being the general statute you explained in lab step 7. Its second law is specific to health care information. Virginia’s law 32.1-127.1:05 was signed in 2010. It is different from HIPAA in that the state law is relevant to those entities that aren’t already covered by HIPAA. Virginia law 32.1127.1:05 also provides a detailed definition of “medical information.” 8. Click the Back button on your browser (or, if the Va. Code link opened a new window, close that window). 9. After you have returned to the list of states, scroll to find your state. 10. Click and download the security breach notification laws for your state. If you cannot download your state’s security breach laws, return to the state of Virginia and use that information to complete this lab. 11. In your Lab Report file, describe the privacy protection rights that a citizen in your state has. Note: This completes the lab. Close the Web browser, if you have not already done so. Copyright © 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual 46 | LAB #6 Identifying the Scope of Your State’s Data and Security Breach Notification Law Evaluation Criteria and Rubrics The following are the evaluation criteria for this lab that students must perform: 1. Relate state government data security breach notification laws to individual privacy. – [20%] 2. Explain why state governments have data security breach notification laws. – [20%] 3. Find a specific state’s data and security breach notification law. – [20%] 4. Download a copy of a specific state’s data and security breach notification law. – [20%] 5. Assess the scope and depth of the privacy protection rights of a citizen of any particular state. – [20%] ISOL 633 Legal, Regulations, Investigations, and Compliance UNIVERSITY OF THE CUMBERLANDS School of Computer and Information Sciences HOUSEKEEPING ➢ Midterm Exam ➢ Course Paper ➢ Homework Assignments ➢ Week Five Lecture CHAPTER NINE: STATE LAWS PROTECTING CITIZEN INFORMATION AND BREACH NOTIFICATION LAWS  The Breached that Spurred the Laws  California’s Notification Laws  Decision Making: Notify or Not?  Encryption Regulations  Disposal of Sensitive Consumer Data CHAPTER NINE: STATE LAWS PROTECTING CITIZEN INFORMATION AND BREACH NOTIFICATION LAWS  State governments have created data protection laws.  In some ways, many states are more aggressive in trying to protect their citizens’ personal information than the federal government.  Many state laws apply to businesses that aren’t actually in the particular state.  California Breach Notification Act - This law applies to anyone who owns or uses data that contains the unencrypted personal information of California residents. CHAPTER NINE SUMMARY This chapter reviewed state laws that protect data. States have been very active in trying to protect the personal data of their residents. They’ve created many different laws to protect the security and privacy of this information. They’ve created these laws because there’s no one comprehensive federal data privacy or security law. When reviewing state laws that protect certain types of data, it’s important for you to think about what other state or federal laws might also protect the data. CHAPTER TEN: INTELLECTUAL PROPERTY LAW GENERAL CONSIDERATIONS  Black’s Law Definition 1. A category of intangible rights protecting commercially valuable products of human intellect. 2. A commercially valuable product of the human intellect, in a concrete or abstract form, such as a copyrightable work, a protectable trademark, a patentable invention, or a trade secret. ➢ ➢ ➢ ➢ ➢ Why Are We Examining IP? Prevalence of electronic data Easy to steal, misuse, delete, edit File-sharing of media Protect company, employees, self Many IP Classifications CHAPTER TEN: INTELLECTUAL PROPERTY LAW PATENTS  Protectable = (novel) + (useful) + (non-obvious)  Strongest of IP protection  Prevent others’ use typically for 20 years  Publishing the patent stimulates further invention CHAPTER TEN: INTELLECTUAL PROPERTY LAW TRADEMARKS  Projects the “good will” that merchants or vendors invest in the recognition of their products  Gives the owner of the markings exclusive rights over the item for which the trademark was granted  Trademarks are registered with a government registrar CHAPTER TEN: INTELLECTUAL PROPERTY LAW TRADE SECRETS Proprietary business or technical information, processes, designs, practices, etc., that are confidential and critical to the business. CHAPTER TEN: INTELLECTUAL PROPERTY LAW COPYRIGHTS  Protects expression of ideas, not the ideas themselves.  Work for Hire  Programs, Writings, Recordings  Original work of authorship CHAPTER TEN SUMMARY Intellectual property protection is broad. It protects a person’s ownership rights in their creative ideas. It gives them the right to protect their ideas and profit from them. These rights are exclusive to the owners of intellectual property. They can take action against people who violate their IP rights. Intellectual property protection is particularly important to think about as more content becomes available on the Internet. Intellectual property law protects ideas once they’re in a physical form. When materials are published on the web, they’re in a physical form. Traditional legal concepts about IP ownership are used to protect materials published on the Internet. HOMEWORK ASSIGNMENTS Make real progress on the Course Paper Lab #6 – Identifying the Scope of Your State’s Data and Security Breach Notification Law Lab #7 – Case Study on Digital Millennium Record Act: Napster Read Chapters Eleven and Twelve
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Hello, please find the attached lab. Please let me know if you have any question,Thanks and Goodbye😎

Running Head LAB 6

1

Lab 6
Name
Course
Instructor
Date

Lab 6
National Conference of State Legislature (NCSL) stated that “all 50 states, the District of
Columbia, Guam, Puerto Rico, and the Virgin Islands have enacted legislation requiring private
or governmental entities to notify individuals of security breaches of information involving
personally identifiable information.” (NCSL, 2019). When it comes to managing the breach of
data, all states have their individual laws for the reason that the USA, overall, lacks its individual
integrated federal law comprising protection of data that GLBA or HIPAA does not cover. As
the state selected for this lab is Virginia, law of security and data breach notification for Virginia
will be discussed and analyzed ...


Anonymous
Really useful study material!

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Similar Content

Related Tags