Legal, Compliance, and Government Regulations

• Computer crimes and echoes.

• Laws put into effect that help fight computer crime.

• Computer evidence collection and processes.

• Best practices


Here are just some of the issues computer crime laws cover: unauthorized modification of data, destruction of networks, and unauthorized access to systems or insertion of malicious program code. There are many ways to compromise computer systems, from malware attacks to zombie infections. The software installed on a compromised system is called a bot, and once an attacker controls several compromised systems, the collection is known as a botnet. A botnet can be used to carry out DDoS attacks, distribute spam or malware, or do whatever else the attacker programs the bot software to do, down to recording users' keystrokes.

In many countries lawmakers have broadened the legal definition of property to include data.

Companies and organizations that move data around the world must be aware of a number of different laws and guidelines, such as those published by the Organization for Economic Co-operation and Development (OECD). The OECD has put out guidelines on the protection of privacy and the transfer of personal data.

The core principles defined by the OECD are as follows:

• Collection of personal data should be limited, obtained by lawful and fair means, and with the knowledge of the subject.

• Personal data should be kept complete and current, and be relevant to the purposes for which it is being used.

• Subjects should be notified of the reason for the collection of their personal information at the time that it is collected, and organizations should only use it for that stated purpose.

• Only with the consent of the subject or by the authority of law should personal data be disclosed, made available, or used for purposes other than those previously stated.

• Reasonable safeguards should be put in place to protect personal data against risks such as loss, unauthorized access, modification, and disclosure.

• Developments, practices, and policies regarding personal data should be openly communicated. In addition, subjects should be able to easily establish the existence and nature of personal data, its use, and the identity and usual residence of the organization in possession of that data.

• Subjects should be able to find out whether an organization has their personal information and what that information is, to correct erroneous data, and to challenge denied requests to do so.

• Organizations should be accountable for complying with measures that support the previous principles.

A framework called the Safe Harbor Privacy Principles has been developed that outlines how U.S.-based companies can comply with the EU privacy principles.

If a non-European organization wants to do business with a European entity, it will need to adhere to the Safe Harbor requirements if certain types of data will be passed back and forth during business processes.

The privacy data protection rules that must be met to be considered Safe Harbor compliant are listed here:

• Notice: Individuals must be informed that their data is being collected and about how it will be used.

• Choice: Individuals must have the ability to opt out of the collection and onward transfer of the data to third parties.

• Onward Transfer: Transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.

• Security: Reasonable efforts must be made to prevent loss of collected information.

• Data Integrity: Data must be relevant and reliable for the purpose it was collected for.

• Access: Individuals must be able to access information held about them, and correct or delete it if it is inaccurate.

• Enforcement: There must be effective means of enforcing these rules.

Civil law is generally derived from common law; cases are initiated by private parties, and the defendant is found liable or not liable for damages. Criminal law is typically statutory; cases are initiated by government prosecutors, and the defendant is found guilty or not guilty.

Lance West


DigiBrains@msn.com

© DigiBrains LLC