
Privacy in global context

MISSION CISSP
Determine compliance requirements
Understanding Computer crimes
Understanding Compliance requirements
US Laws for Cyber Crimes
Intellectual property Laws
Conclusion

Understanding Privacy

Privacy Laws
• Privacy: The rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information
• Personal information (PI): Discrete information about an individual

Sy 140-148

Privacy basic terms
• Data subject: An individual whose personal data is collected
• Data collector: An entity who is responsible for safekeeping and maintaining the information as per regulations
• Data processor: An entity who is authorized to process the personal data on behalf of a data collector

Types of Personal Information
• Sensitive Personal Information (SPI)
  • Loss or leak can cause harm to the data subject
• Protected Health Information (PHI)
  • Relates to health information
• Personal Financial Information (PFI)
  • Financial information of the subject

Common Privacy Principles
OECD privacy principles are the internationally accepted framework.
The privacy principles include:
• Collection Limitation principle
• Data quality Principle
• Purpose specification Principle
• Use limitation Principle
• Security Safeguard Principle
• Openness Principle
• Individual participation Principle
• Accountability Principle

US specific Privacy laws

Privacy Act of 1974
• Scope is limited to Federal agencies
• Restricts Federal agencies from disclosing citizen data without his/her consent
• Limits the collection of personal information to the extent required
• Mandates that data be destroyed securely after its use is over
• Provides citizens with access to their PI and the right to request amendments whenever needed

Electronic Communications Privacy Act (ECPA)
• Enacted in 1986 and relates to electronic privacy
• Invasion of privacy is defined as a criminal offense
• Defines wiretapping and monitoring of mobile conversations as illegal activity
• Prohibits disclosure of electronic communication
• Defines in which situations the data can be disclosed
• Later amended to mandate that ISPs provide wiretap capability for law enforcement actions after an appropriate court order

Economic Espionage Act of 1996
• Extended the definition of property to include any proprietary economic information
• This expanded the definition of theft to include theft of both tangible and intangible assets
• Theft of proprietary information is tagged as corporate espionage

HIPAA: The Health Information Portability and Accountability Act (HIPAA)
• Dedicated act for individual health related information
• Scoped to include health insurance and health maintenance organizations
• Defines strict security measures for hospitals, physicians, insurance companies and other organizations
• Mandates that organizations holding health information clearly display customers' rights towards privacy

Health Information Technology for Economic and Clinical Health (HITECH)
• HIPAA amendment in Feb 2009
• Widened the scope of HIPAA
• Introduced new data breach notification requirements

Children's Online Privacy Protection Act of 1998 (COPPA)
• COPPA mandated specific requirements for websites
• Websites collecting children's information must have a privacy policy
• Parents should have the right to review the data provided by children

The Gramm-Leach-Bliley Act (GLBA) of 1999
• Also called the Safeguard Rule
• Financial institutions must develop appropriate safeguards to keep customer information secure
• Financial institutions must also ensure that their affiliates and service providers have appropriate controls to safeguard customer information

USA PATRIOT Act of 2001
• Enacted to strengthen government powers for law enforcement
• ISPs could now provide a large range of information to law enforcement agencies on a voluntary basis
• Further increased the penalties under the Computer Fraud and Abuse Act
• Overridden in Jun 2015 by the USA Freedom Act, which restored key provisions of the PATRIOT Act

Family Educational Rights and Privacy Act (FERPA)
• Scope includes:
  • All educational institutes funded by the Federal government
• Rights of subjects:
  • Subjects have the right to inspect any education record held by the institution
  • Subjects can request correction of records
  • Educational institutes should not disclose personal / education records until consent is given by subjects

EU Privacy Law

General Data Protection Regulation (GDPR)
• Scope includes all organizations involved in data collection or processing pertaining to data collected from the EU
• Each EU member country is to have a Data Protection Authority (DPA)
• A few additions to the general privacy principles include:
  • Data portability between service providers
  • Right to be forgotten
• All serious breaches should be reported within 24 hours

Trans-border Data Flow
• Data flow boundaries have become transparent due to the evolution of the Internet
• Information may be created/collected in one country, transmitted to another country and stored by a third country
• Security professionals must think globally about:
  • Privacy and security regulation
  • Local laws (control on data)
  • Law enforcement jurisdictions

Summary
• Privacy is the right of a person to control access to his or her personal information
• The OECD's 8 principles are widely accepted and are mostly built into all countries' privacy laws
• The Privacy Act of 1975 was drafted to limit federal agencies from disclosing citizen data without consent
• HIPAA mandates the protection of citizen health related

Summary
• HIPAA (U.S.): Medical Records
• FERPA (U.S.): Students Education Records
• GLBA (U.S.): Financial Records
• Federal Privacy Act (U.S.): Data collected by the government
• COPPA (U.S.): Online collection and use of data for minors (under 13)
• GDPR (EU): Citizen Data Privacy protection

Thank you
Stay tuned for more interesting stuff…