Skip to content

Policy, Legal, Ethics, and Compliance

  • Americans With Disabilities Act, Section 508
    Requires that federal agencies’ electronic and information technology is accessible to people with disabilities, including employees and members of the public. Section 508 also directs the attorney general to submit reports to the president and Congress on the state of federal agencies’ compliance with the act’s requirements. In preparation for its report, the Department of Justice conducts a survey of federal agencies to obtain information on the state of compliance with Section 508 (ADA, 2018).

  • Bring Your Own Device (BYOD) Issues
    Refers to employees who bring their personal devices to work, whether laptop, smartphone, or tablet, in order to interface to the corporate network. A huge amount of company data is accessed using employee-owned equipment (PC Magazine, 2018).

  • Children’s Online Privacy Protection Act (COPPA)
    Law created to protect the privacy of children under 13. The act was passed by the U.S. Congress in 1998 and took effect in April 2000. COPPA is managed by the Federal Trade Commission (Rouse, 2018).

  • Computer Security Act
    The first step in improving the security and privacy of information contained in federal computer systems. Signed on January 8, 1988, by President Reagan, the act does the following:

    • Establishes a central authority for developing guidelines for protecting unclassified but sensitive information stored in government computers
    • Requires each agency to formulate a computer security plan, tailored to its own circumstances and based on the guidelines
    • Mandates that each agency provide training for its computer employees on the threats and vulnerabilities of its computer systems
    • Ensures that the National Security Agency and other defense-related government agencies not control computer security standards in civilian agencies of government (PC Magazine, 2018)
  • Family Educational Rights and Privacy Act (FERPA)
    A law that protects student records in institutions that receive funds from the U.S. Department of Education. It stipulates who may view or amend the records, which include grades, enrollment, and billing (PC Magazine, 2018).

  • Federal Authorities
    Institutions that act on behalf of the federal government to enforce laws and regulations.

  • Federal Information Security Modernization Act (FISMA)
    This is a piece of legislation that provides a basis for the federal government to oversee information security issues. This is an essential piece of legislation that helps the government deploy needed assets to help with cyber incidents. It also gives the government an outline for forcing businesses into reporting cyber incidents.

  • Federal Laws
    Federal laws are bills that have passed both houses of Congress, been signed by the president, passed over the president’s veto, or allowed to become law without the president’s signature (United States Senate, 2018).

  • Gramm-Leach-Bliley Act
    A law that requires financial institutions—companies that offer consumers financial products or services like loans, financial or investment advice, or insurance—to explain their information-sharing practices to their customers and to safeguard sensitive data (Federal Trade Commission, 2018).

  • Health Insurance Portability and Accountability Act (HIPAA)
    Also known as the Kennedy-Kassebaum Act, this U.S. law protects employees’ health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health and administrative and financial data interchange (Title II). The latter also governs the privacy and security of health information records and transactions. HIPAA, developed by the Department of Health and Human Services, took effect in 2001 with compliance required in phases up to 2004 (PC Magazine, 2018).

  • International Standards
    Guidelines or standards developed by an organization for use worldwide. The International Organization for Standardization is the most well-known organization for developing standards (BusinessDictionary, 2018).

  • Payment Card Industry Data Security Standard (PCI DSS)
    Security procedures from the PCI Security Standards Council for merchants that accept credit cards online. It includes guidelines for user authentication, firewalls, antivirus, encryption, truncating account numbers, programming maintenance, and vulnerability testing. The primary issue is the handling of customers’ credit card numbers. To be PCI-compliant, a merchant must provide strong encryption of the numbers for storage and transmission or use a third-party token service (PC Magazine, 2018).

  • Sarbanes-Oxley Act
    Administered by the Securities and Exchange Commission (SEC) starting in 2002, the Sarbanes-Oxley Act (SOX) regulates corporate financial records and provides penalties for their abuse. It defines the type of records that must be recorded and for how long. It also deals with falsification of data. Affecting data storage capacities and planning, Sarbanes-Oxley was enacted after the Enron and WorldCom scandals of the early 2000s. The bill was sponsored by Paul Sarbanes, a democratic senator from Maryland, and was additionally authored before passage by Michael Oxley, a republican senator from Ohio (PC Magazine, 2018).

  • State Jurisdictions
    Refers to exercise of state court authority. The state court has the right to make a legally binding decision that affects the parties involved in a case. It can also refer to a court’s power to hear all matters, civil and criminal, arising within its territorial boundaries. State jurisdiction exists over any matter in which the state has a vested interest (USLegal, 2018).

  • USA Patriot Act
    U.S. legislation passed by Congress in response to the September 11, 2001, terrorist attacks and signed into law by president George W. Bush in October 2001, which significantly expanded the search and surveillance powers of federal law-enforcement and intelligence agencies (Duignan, 2018).

References

ADA. (2018). Information and technical assistance on the Americans With Disabilities Act. Retrieved from https://www.ada.gov/508/

BusinessDictionary. (2018) International standards. Retrieved from http://www.businessdictionary.com/definition/international-standards.html

Duignan, B. (2018). Encyclopedia Britannica USA Patriot Act. Retrieved from https://www.britannica.com/topic/USA-PATRIOT-Act

Federal Trade Commission. (2018). Gramm-Leach-Bliley Act. Retrieved from https://www.ftc.gov/tips-advice/business-center/privacy-and-security/gramm-leach-bliley-act

PC Magazine. (2018). Encyclopedia. Retrieved from https://www.pcmag.com/encyclopedia

Rouse, M. (2018) COPPA (Children's Online Privacy Protection Act). Retrieved from https://searchcrm.techtarget.com/definition/COPPA

USLegal. (2018). State jurisdiction law and legal definition. Retrieved from https://definitions.uslegal.com/s/state-jurisdiction/

United States Senate. (2018). Laws and regulations. Retrieved from https://www.senate.gov/reference/reference_index_subjects/Laws_and_Regulations_vrd.htm