Chapter 4: Laws, Regulations, and Compliance

Presentation transcript:

Categories of Laws
- Criminal law
- Civil law
- Administrative law

Criminal Law
- Preserves peace
- Keeps society safe
- Penalties include community service, fines, and prison
- Enacted through legislation

Civil Law
- Provides for an orderly society
- Governs matters that are not crimes
- Enacted through legislation
- Punishment includes financial penalties

Administrative Law
- Policies, procedures, and regulations
- Governs the daily operations of an entity
- Enacted by government agencies, not the legislature

Laws
- Computer crime
- Intellectual property
- Licensing
- Import/export
- Privacy

Computer Crime
- Computer Fraud and Abuse Act
- Computer Security Act
- Federal Sentencing Guidelines
- National Information Infrastructure Protection Act
- Paperwork Reduction Act
- Government Information Security Reform Act
- Federal Information Security Management Act

Intellectual Property
- Copyrights
- Digital Millennium Copyright Act
- Trademarks
- Patents
- Trade secrets
- Economic Espionage Act

Licensing
- Contractual license agreements
- Shrink-wrap license agreements
- Click-through license agreements
- Cloud services license agreements
- Uniform Computer Information Transactions Act

Import/Export
- Transborder data flow of new technologies, intellectual property, and personally identifying information
- Computer export controls
- Encryption export controls

Privacy: U.S. Privacy Law (1/2)
- Fourth Amendment
- Privacy Act
- Electronic Communications Privacy Act
- Communications Assistance for Law Enforcement Act (CALEA)
- Economic and Protection of Proprietary Information Act
- Health Insurance Portability and Accountability Act (HIPAA)

Privacy: U.S. Privacy Law (2/2)
- Health Information Technology for Economic and Clinical Health Act (HITECH)
- Data breach notification laws
- Children's Online Privacy Protection Act (COPPA)
- Gramm-Leach-Bliley Act
- USA PATRIOT Act
- Family Educational Rights and Privacy Act (FERPA)
- Identity Theft and Assumption Deterrence Act

Privacy: European Union Privacy Law
- Consent
- Contract
- Legal obligation
- Vital interest of the data subject
- Balance between the interests of the data holder and the interests of the data subject
- Key rights of individuals
- Safe harbor provisions

Compliance
- Security regulation can become complex
- Issues with regulatory agencies and contractual obligations
- Overlapping and often contradictory requirements
- May require full-time compliance staff
- Compliance audits and reporting
- Payment Card Industry Data Security Standard (PCI DSS)

Contracting and Procurement
- Using cloud and service vendors requires contract scrutiny.
- You must perform a security review and maintain vendor governance.
- You must tailor the contract to your specific concerns and review it.