SecurityArena

Guide to Practical Info Security!

CBK Law, Investigations & Ethics
Written by Administrator   
Saturday, 13 June 2009 14:40

Laws and Regulations

Search and Seizure Laws

  • American citizens are protected by the Fourth Amendment against unlawful search and seizure, so law enforcement agencies must have probable cause and request a search warrant from a judge or court before conducting such a search. Company management is not a law enforcement agency.
  • Exigent circumstances: If the suspect tries to destroy the evidence, or there is an impending possibility that evidence might be destroyed, law enforcement may quickly seize the evidence to prevent its destruction. A court will later decide whether the seizure was proper and legal before allowing the evidence to be admitted.

Enticement vs Entrapment

  • Enticement: luring someone toward some evidence, such as a honey pot, after that individual has already committed a crime. It is legal and ethical.
  • Entrapment: encouraging someone to commit a crime that the individual may have had no intention of committing. It is considered neither legal nor ethical.

Privacy

  • Privacy laws dictate that data collected by government agencies must be collected fairly and lawfully, must be used only for the purpose for which it was collected, must only be held for a reasonable amount of time, and must be accurate and timely.
  • If companies are going to use any type of monitoring, they need to make sure it is legal in their business sector and must inform all employees that they may be subjected to monitoring.
  • Employees need to be informed regarding what is expected behavior pertaining to the use of the company’s computer systems, network, e-mail system, and phone system. They need to also know what the ramifications are for not meeting those expectations. These requirements are usually communicated through policies.
  • Logon banners should be used to inform users of what could happen if they do not follow the rules pertaining to using company resources. This provides legal protection for the company.

Available Laws and Regulations

  • Federal Privacy Act of 1974
  • Computer Fraud and Abuse Act (1986, amended in 1996): The primary U.S. federal antihacking statute.
  • Gramm-Leach-Bliley Act of 1999: Requires financial institutions to develop privacy notices and give their customers the option to prohibit banks from sharing their information with nonaffiliated third parties.
  • Health Insurance Portability and Accountability Act (HIPAA): Provides a framework and guidelines to ensure security, integrity, and privacy when handling confidential medical information.
  • Security and Freedom Through Encryption Act: Approved in 1997, this act guarantees the right of all U.S. citizens and residents to be able to use and sell encryption products and technology.
  • Federal Sentencing Guidelines: In 1991, the U.S. Federal Sentencing Guidelines were developed and passed down to provide judges with courses of action to take when overseeing white collar crimes that take place within organizations.
  • European Union Privacy Principles
    • The reason for gathering of data must be specified at the time of collection.
    • Data cannot be used for other purposes.
    • Unnecessary data should not be collected.
    • Data should only be kept for as long as it is needed to accomplish the stated task.
    • Only the necessary individuals who are required to accomplish the stated task should be allowed access to the data.
    • Whoever is responsible for securely storing the data should not allow unintentional “leaking” of data.


Last Updated on Friday, 28 August 2009 05:07
 