MISSION CISSP
Determine compliance requirements
Understanding computer crimes
Understanding compliance requirements
Understanding Privacy
Privacy Laws
Key roles in privacy law:
• Data subject: the individual the personal information is about
• Data collector: the organization that gathers the data and decides how it is used
• Data processor: the party that handles the data on the collector's behalf
Types of Personal Information
Common Privacy Principles
The OECD privacy principles are the internationally accepted framework.
The eight principles are:
• Collection limitation principle
• Data quality principle
• Purpose specification principle
• Use limitation principle
• Security safeguards principle
• Openness principle
• Individual participation principle
• Accountability principle
US-specific privacy laws
Privacy Act of 1974
• Scope is limited to federal agencies
• Prohibits federal agencies from disclosing an individual's records without his or her consent
• Limits the collection of personal information to what is required for the agency's purpose
• Mandates that data be securely destroyed once its use is over
• Gives individuals the right to access their personal information and to request amendments whenever needed
Electronic Communications Privacy Act (ECPA)
• Enacted in 1986; governs the privacy of electronic communications
• Makes invasion of electronic privacy a criminal offense
• Makes unauthorized wiretapping and monitoring of mobile (cellular) conversations illegal
• Prohibits unauthorized disclosure of the contents of electronic communications
• Defines the situations in which such data may lawfully be disclosed
Economic Espionage Act of 1996
• Extended the definition of property to include proprietary economic information
• This expanded the definition of theft to cover both tangible and intangible assets
• Theft of proprietary information is treated as corporate (economic) espionage
Health Insurance Portability and Accountability Act (HIPAA)
• Dedicated act for the protection of individually identifiable health information
Health Information Technology for Economic and Clinical Health Act (HITECH)
• Enacted in February 2009 as an amendment to HIPAA
• Widened the scope of HIPAA (its privacy and security rules now also apply to business associates)
• Introduced new data breach notification requirements
Children's Online Privacy Protection Act of 1998 (COPPA)
• Mandates specific requirements for websites and online services that collect personal information from children under 13
The Gramm-Leach-Bliley Act (GLBA) of 1999
• Its information-security provisions are known as the Safeguards Rule
• Financial institutions must develop appropriate safeguards to keep customer information secure
• Financial institutions must also ensure that their affiliates and service providers have appropriate controls to safeguard customer information
USA PATRIOT Act of 2001
• Enacted to strengthen government powers for law enforcement
• ISPs could now provide a wide range of information to law enforcement agencies on a voluntary basis
• Further increased the penalties under the Computer Fraud and Abuse Act
• Several of its provisions expired in June 2015 and were restored, in modified form, by the USA FREEDOM Act
Family Educational Rights and Privacy Act
(FERPA)
• Scope:
• All educational institutions funded by the federal government
• Rights of subjects:
• Subjects have the right to inspect any education record held by the institution
• Subjects can request correction of their records
• Educational institutions must not disclose personal or education records without the subject's consent
EU Privacy Law
General Data Protection Regulation (GDPR)
• Scope includes all organizations, wherever located, that collect or process personal data of individuals in the EU
Trans-border Data Flow
• Data flow boundaries have become blurred with the evolution of the Internet
• Information may be created or collected in one country, transmitted through another and stored in a third
• Security professionals must think globally about:
• Privacy and security regulations
• Local laws (controls on data)
• Law enforcement jurisdictions
Summary
• Privacy is the right of a person to control access to his or her personal information
• The eight OECD principles are widely accepted and are built into most countries' privacy laws
• The Privacy Act of 1974 was drafted to limit federal agencies from disclosing citizen data without consent
• HIPAA mandates the protection of citizens' health-related
Thank you
Stay tuned for more interesting stuff…