Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 4: Laws, Regulations, and Compliance

Published byPaul Tucker Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 4: Laws, Regulations, and Compliance"— Presentation transcript:

1 Chapter 4: Laws, Regulations, and Compliance

2 Categories of Laws Criminal law Civil law Administrative law

3 Criminal Law Preserves peace Keeps society safe Penalties include
Community service Fines Prison Enacted through legislation

4 Civil Law Provides for orderly society
Governs matters that are not crimes Enacted through legislation Punishment includes financial penalties

5 Administrative Law Policies, procedures, and regulations
Governs the daily operations of an entity Enacted by government agencies, not the legislature

6 Laws Computer crime Intellectual property Licensing Import/export
Privacy

7 Computer Crime Computer Fraud and Abuse Act Computer Security Act
Federal Sentencing Guidelines National Information Infrastructure Protection Act Paperwork Reduction Act Government Information Security Reform Act Federal Information Security Management Act

8 Intellectual Property
Copyrights Digital Millennium Copyright Act Trademarks Patents Trade secrets Economic Espionage Act

9 Licensing Contractual license agreements
Shrink‐wrap license agreements Click‐through license agreements Cloud services license agreements Uniform Computer Information Transactions Act

10 Import/Export Transborder data flow of new technologies, intellectual property, and personally identifying information Computer export controls Encryption export controls

11 Privacy U.S. Privacy Law (1/2) Fourth Amendment Privacy Act
Electronic Communications Privacy Act Communications Assistance for Law Enforcement Act (CALEA) Economic and Protection of Proprietary Information Act Health Insurance Portability and Accountability Act (HIPAA)

12 Privacy U.S. Privacy Law (2/2)
Health Information Technology for Economic and Clinical Health Act (HITECH) Data Breach Notification Laws Children’s Online Privacy Protection Act (COPPA) Gramm‐Leach‐Bliley Act USA PATRIOT Act Family Educational Rights and Privacy Act (FERPA) Identity Theft and Assumption Deterrence Act

13 Privacy European Union Privacy Law Consent Contract Legal obligation
Vital interest of the data subject Balance between the interests of the data holder and the interests of the data subject Key rights of individuals Safe harbor provisions

14 Compliance Security regulation can become complex
Issues with regulatory agencies and contractual obligations Overlapping and often contradictory requirements May require full-time compliance staff Compliance audits and reporting Payment Card Industry Data Security Standard (PCI DSS)

15 Contracting and Procurement
Using cloud and service vendors requires contract scrutiny. You must perform security review and vendor governance. You must tailor the contract to your specific concerns and review it.

Download ppt "Chapter 4: Laws, Regulations, and Compliance"

Similar presentations

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP www.ScottandScottllp.com.

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP
IT Security Policy Framework

IT Security Policy Framework
Department of Information Systems Brigham and Womens Hospital Laptop Encryption Catherine McGoldrick Schroeder Corp. Mgr, BWH IS Management & Planning.

Department of Information Systems Brigham and Womens Hospital Laptop Encryption Catherine McGoldrick Schroeder Corp. Mgr, BWH IS Management & Planning.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Today’s Schools face:  Numerous State and Federal Regulations  Reduced Technology Funding  More Stringent Guidelines for Technology Use.

Today’s Schools face:  Numerous State and Federal Regulations  Reduced Technology Funding  More Stringent Guidelines for Technology Use.
Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,

Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
H IPAA PRIVACY WORK GROUP FOR EYE BANKS EBAA HIPAA PRIVACY WORK GROUP Christina W. Strong, Esq., Facilitator.

H IPAA PRIVACY WORK GROUP FOR EYE BANKS EBAA HIPAA PRIVACY WORK GROUP Christina W. Strong, Esq., Facilitator.
© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.

© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.
Principles of Information Security, 3rd Edition2 Introduction  You must understand scope of an organization’s legal and ethical responsibilities  To.

Principles of Information Security, 3rd Edition2 Introduction  You must understand scope of an organization’s legal and ethical responsibilities  To.
Brief Synopsis of Computer Security Standards. Tenets of Information Systems Security Confidentiality Integrity Availability Over the years, standards.

Brief Synopsis of Computer Security Standards. Tenets of Information Systems Security Confidentiality Integrity Availability Over the years, standards.
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Legal, Regulations, Compliance and Investigations.

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Legal, Regulations, Compliance and Investigations.
Security Controls – What Works

Security Controls – What Works
E-Commerce: Legal and Practical Issues Legal Issues: Security – December 2, 2005 Stephen M. Foxman Philadelphia.

E-Commerce: Legal and Practical Issues Legal Issues: Security – December 2, 2005 Stephen M. Foxman Philadelphia.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
2 HIPAA, HITECH, and Medical Records. Learning Outcomes When you finish this chapter, you will be able to: 2.1Discuss the importance of medical records.

2 HIPAA, HITECH, and Medical Records. Learning Outcomes When you finish this chapter, you will be able to: 2.1Discuss the importance of medical records.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
IT Legislation & Regulation CS5493. Information has become a valued asset for commerce and governments. … as a result of its value, information is a target.

IT Legislation & Regulation CS5493. Information has become a valued asset for commerce and governments. … as a result of its value, information is a target.

Similar presentations

Ads by Google