The illusion of privacy and protection … Legal, Privacy, Ethical Issues Barbara Endicott-Popovsky INFO498.


Agenda
I. The Basic Issues
II. The Law
III. Privacy
IV. Ethical Issues
V. Remedies

The Basic Issues (figure)
Information technology and systems raise ethical, social and political issues for the individual, for society and for the polity, along five dimensions:
- Information rights and obligations
- Property rights and obligations
- Accountability and control
- Systems quality
- Quality of life
Source: Laudon and Laudon, Management Information Systems, 6th ed., New Jersey.

The Law

The Legal Structure: Criminal vs. Civil Law

                   Criminal Law        Civil Law
Defined by         Statutes            Contracts; common law
Cases brought by   Government          Individuals; companies
Wronged party      Society             Individuals; companies
Remedy             Jail, fine          Damages, usually monetary

The Legal View of Information
- As an object:
  - Not depletable
  - Can be replicated
  - Has minimal marginal cost
  - Value is often time dependent
  - Can be transferred intangibly
- Legal issues:
  - Information commerce
  - Electronic publishing
  - Protecting data in databases
  - e-Commerce
Source: Pfleeger & Pfleeger

Complexity of the Legal Issues
- Tap the keyboard? Read the screen? Monitor emissions? Scan the hard drive? Trojan program? Tap communications?
- Is the data stored? Encrypted? Routed?
- Has the recipient read it? Stored it? Deleted it? Is recovery possible?
- Who owns the system? Who "gives consent"?

Protecting Intellectual Property (IP)
- Copyrights: works of the mind (Digital Millennium Copyright Act)
- Patents: tangible objects
- Trade secrets: competitive-edge information
Source: Pfleeger & Pfleeger

Comparing Copyright, Patent and Trade Secret Protection

                              Copyright                                 Patent                                          Trade Secret
Protects                      Expression of idea, not idea itself       Invention: the way something works              A secret, competitive advantage
Protected object made public  Yes, intention is to promote publication  Design filed at Patent Office                   No
Requirement to distribute     Yes                                       No                                              No
Ease of filing                Very easy, do-it-yourself                 Very complicated; specialist lawyer suggested   No filing
Duration                      Individual's life + 70 years              19 years                                        Indefinite
Legal protection              Sue if unauthorized copy sold             Sue if invention copied                         Sue if secret stolen

Source: Pfleeger & Pfleeger

IP Rights of Employees/Employers
- Ownership of products
- Ownership of a patent
- Ownership of a copyright
- Work for hire
- Licenses
- Trade secret protection
- Employment contracts
Source: Pfleeger & Pfleeger

Product Liability
- Selling correct software
- Reporting software flaws:
  - Vendor interests
  - User interests
  - Responsible vulnerability reporting
- Quality software
Source: Pfleeger & Pfleeger

Cryptography Restrictions
- Controls on export
- Controls on use
- Free speech issues
- Key escrow issues

Computer Crime
- Rules of property
- Rules of evidence
- Threats to integrity and confidentiality
- Value of data
- Acceptance of computer terminology
- Hard to define
- Hard to prosecute
Relevant US statutes:
- US Computer Fraud and Abuse Act
- US Economic Espionage Act
- US Electronic Funds Transfer Act
- US Freedom of Information Act
- US Privacy Act
- US Electronic Communications Privacy Act
- USA Patriot Act

Computer Crime (cont'd.)
- International:
  - EU Data Protection Act
  - Restricted content
  - Cryptography use
- Criminals are hard to catch
- Law is not precise

Emergence of Computer Forensics
- Technology
- Law enforcement
- Individual and societal rights
- Judiciary
- …

Privacy

Threats to Privacy
- Identity theft
- Aggregation and data mining
- Poor system security
- Government threats
- The Internet
- Privacy vs. security concerns
- Corporate rights and private business
- Privacy for sale
Controls:
- Authentication
- Anonymity
- Pseudonymity
- Computer voting
- The law: EU Protection Act, HIPAA, Gramm-Leach-Bliley
Source: Pfleeger & Pfleeger

Examples
- Buying and selling confidential information from Social Security files.
- Browsing IRS files.
- Buying and selling bank account name lists.
- : A Princeton University student stole ~1800 credit card numbers, customer names, and user passwords from an e-commerce site.
Sources: House Ways and Means Committee, 102nd Congress, ; Washington Post, S. Barr, 2 Aug; (4) Freeh, Testimony 2000

Skimming – from ABC.com

The FTC Suggests…
- Contact the 3 major credit agencies
  - Check credit
  - Put a "stop" on unapproved new cards
  - Issue a "fraud alert"
- Close all accounts
  - Open new ones without mother's maiden name (use a password)
- File a report in the appropriate jurisdiction
- Keep copies of those records
  - … and now there's an ID Theft Affidavit, too

Ethics

Ethical Issues
- Law vs. ethics
- Ethics vs. religion
  - Universality??
  - Pluralism??
- Ethical approaches
  - Consequence-based, i.e. utilitarianism
  - Rules-based, i.e. deontology
Source: Pfleeger & Pfleeger

Codes of Ethics
- IEEE
- ACM
- Computer Ethics Institute
- 10 Commandments of Computer Use (Brookings Institute)
Source: Pfleeger & Pfleeger

Remedies

Current Business Environment
- Legislation is beginning to shape corporate and personal liability:
  - HIPAA
  - Gramm-Leach-Bliley
  - Sarbanes-Oxley
  - 21 CFR part 11
  - California Senate Bill 1386

HIPAA
- Health Insurance Portability and Accountability Act
- Noncompliance = fines
- Deliberate noncompliance = fines and imprisonment
- Doctors hate compliance

Gramm-Leach-Bliley
- "Interagency Guidelines Establishing Standards for Safeguarding Customer Information"
- Identify reasonably foreseeable internal and external threats
- Assess the likelihood and potential damage of these threats
- Assess the sufficiency of policies, procedures, etc.

Sarbanes-Oxley
- Increases regulatory visibility and accountability for public companies
- Holds CEOs and CFOs personally responsible for accuracy
- "Management Assessment of Internal Controls"
- ISO: encryption and digital signatures recommended
- Why is this a security thing? (hint: lifetime imprisonment)

21 CFR part 11
- FDA guidelines on encryption and digital signatures
- Integrity of audit trails
- Non-repudiation for sign-off
- Drug performance liability
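The two technical requirements on this slide, an audit trail whose integrity can be checked and a sign-off that the signer cannot later disown, are usually met together: each record is hash-chained to its predecessor and the chained digest is signed with the actor's private key. The following is an added example and not material from the lecture or the FDA; the record fields, actor names and batch identifiers are constructed for illustration, and it assumes an Ed25519 key pair held by the signer.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// AuditEntry is one sign-off record in a tamper-evident audit trail.
// Field names are constructed for this example. PrevHash chains the record
// to its predecessor; Signature binds the record to the signer's private key,
// which is what gives the sign-off its non-repudiation property.
type AuditEntry struct {
	Seq       int
	Actor     string
	Action    string
	PrevHash  string // hex SHA-256 digest of the previous record ("" for the first)
	Signature []byte // Ed25519 signature over Digest()
}

// Digest hashes the content fields together with the previous record's hash,
// so editing any earlier record invalidates every record after it.
func (e AuditEntry) Digest() []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d|%s|%s|%s", e.Seq, e.Actor, e.Action, e.PrevHash)
	return h.Sum(nil)
}

// AppendEntry builds the next chained record and signs its digest with the
// signer's private key.
func AppendEntry(trail []AuditEntry, actor, action string, priv ed25519.PrivateKey) []AuditEntry {
	prev := ""
	if n := len(trail); n > 0 {
		prev = hex.EncodeToString(trail[n-1].Digest())
	}
	e := AuditEntry{Seq: len(trail) + 1, Actor: actor, Action: action, PrevHash: prev}
	e.Signature = ed25519.Sign(priv, e.Digest())
	return append(trail, e)
}

// VerifyTrail checks sequence numbers, chain links and signatures in order.
// It returns 0 and nil if the trail is intact, otherwise the sequence number
// of the first record that fails and an error describing why.
func VerifyTrail(trail []AuditEntry, pub ed25519.PublicKey) (int, error) {
	prev := ""
	for i, e := range trail {
		if e.Seq != i+1 {
			return i + 1, fmt.Errorf("record %d: sequence gap or reordering", i+1)
		}
		if e.PrevHash != prev {
			return e.Seq, fmt.Errorf("record %d: chain link does not match previous record", e.Seq)
		}
		if !ed25519.Verify(pub, e.Digest(), e.Signature) {
			return e.Seq, fmt.Errorf("record %d: signature invalid (content altered or not signed by the key holder)", e.Seq)
		}
		prev = hex.EncodeToString(e.Digest())
	}
	return 0, nil
}

func main() {
	// Constructed key pair and sign-off records; a real system would keep the
	// private key on a token or HSM so that only the named actor can sign.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	var trail []AuditEntry
	trail = AppendEntry(trail, "qa.analyst", "approve batch record LOT-0001", priv)
	trail = AppendEntry(trail, "qa.manager", "release batch LOT-0001", priv)

	bad, err := VerifyTrail(trail, pub)
	fmt.Println("intact trail:", bad, err) // 0 <nil>

	// Quietly changing an earlier decision breaks its signature and the chain.
	trail[0].Action = "reject batch record LOT-0001"
	bad, err = VerifyTrail(trail, pub)
	fmt.Println("after tampering:", bad, err) // 1 record 1: signature invalid ...
}
```

The chain detects edits, insertions and reordering, but not removal of the most recent records: a trail cut off at record 5 still verifies. In practice the latest digest (or the record count) is anchored somewhere the trail's custodian cannot alter, such as a time-stamping service or a separate log, and verification also checks that anchor.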

California Senate Bill 1386
"Any business or agency that uses a computer to store confidential personal information about a California resident must immediately notify that individual upon discovering any breach to the computer system on which this information is stored. Failure to notify the individual(s) could subject the business/agency to civil damages and lawsuits."
Failure to deal with these risks could trigger violations of Sarbanes-Oxley.

Where is all this going?
- Government regulations never decrease
- Universal definitions of "standard of care"
- Computer/electronic security seen as a differentiator
- E-risk will be significant for the insurance profile
- Opportunities!!!

Less Ad Hoc, More Discipline
- "Security will be approached not from a bottom-up approach, but rather from a top-down, business-driven philosophy based on risk assessment, policy analysis and then, and only then, technical application," Placer says.
- "The days of simply doing a vulnerability scan analysis of hardware will be replaced by a comprehensive analysis for procedural security weaknesses with regards to a company's business practices."
Cost/Benefit