Term Paper: Legislative Ethical and Legal Regulatory Compliance

Pages: 5 (1588 words)  ·  Bibliography Sources: 5  ·  Level: Master's  ·  Topic: Business - Law

Computer Science

Legislative, Ethical, and Legal Regulatory Compliance

Personal identifying information is frequently gathered by businesses and governments and is stored in a variety of formats, both digital and paper. Protecting this data has become a growing concern for businesses and government entities around the country. Several laws have been enacted to facilitate the protection of this data. These include data disposal laws, security breach notification laws, and identity theft statutes (Data disposable laws, 2012).

A data security breach takes place when there is a loss or theft of, or other unlawful access to, sensitive personally identifiable information that could result in the potential compromise of the confidentiality or integrity of data. "Data breaches are caused by computer hacking, malware, payment card fraud, employee insider breach, physical loss of non-electronic records and portable devices, and inadvertent exposure of confidential data on websites or in e-mail" (Stevens, 2012). Data breaches are costly, time consuming, and can damage a company's reputation. U.S. companies are reportedly hesitant to buy cyber liability insurance even though data breaches have cost companies millions of dollars. Data breaches involving sensitive personal information may also result in identity theft and financial crimes such as credit card fraud, phone or utilities fraud, bank fraud, mortgage fraud, employment-related fraud, government documents or benefits fraud, loan fraud, and health-care fraud.

The Fair Credit Reporting Act (FCRA) and the Federal Trade Commission's Rule concerning the Disposal of Consumer Report Information and Records (the Disposal Rule) require small businesses that obtain consumer information from consumer reporting companies such as Equifax, Experian, or TransUnion to take reasonable measures to properly dispose of that information. Health care providers and financial institutions may have additional obligations to destroy consumer information under the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA) (Disposing of Data -- Do it Responsibly, 2010).

Approximately nineteen states have statutes that require small businesses to dispose of records that include personal information. Like the Disposal Rule, most of these statutes require small businesses to take reasonable steps when destroying records. Some of the state statutes apply only to specific types of small businesses, such as health care providers, financial institutions, or tax preparers (Disposing of Data -- Do it Responsibly, 2010).

There are generally two types of data destruction laws: those that expressly detail how the data must be destroyed and those that mandate the use of a disposal system that meets a reasonableness standard. "Some states include both types, though most choose only one. States that fall into the first category typically use some variation of the following regulation: Businesses must take all reasonable steps to destroy records by shredding, erasing, or otherwise modifying the personal information to make it unreadable or undecipherable" (Data Destruction Laws, 2007). Statutes frequently specify how the records must be destroyed and what the final result of the process must be. The second type of data destruction law provides that businesses shall maintain reasonable security procedures and practices, appropriate to the nature of the information, to protect it from unlawful access, destruction, use, modification, or disclosure.

"Forty-six states, the District of Columbia, Puerto Rico, and the Virgin Islands have laws requiring notification of security breaches involving personal information" (Stevens, 2012). Federal laws, regulations, and a communication for federal departments and agencies require certain sectors, such as healthcare, financial, the federal public sector, and the Department of Veterans Affairs, to implement information security programs and provide notice of security breaches of personal information.

"In response to such notification laws, over 2,676 data breaches and computer intrusions involving 535 million records containing sensitive personal information have been disclosed by data brokers, businesses, retailers, educational institutions, government and military agencies, healthcare providers, financial institutions, nonprofit organizations, utility companies, and Internet businesses" (Stevens, 2012). As a consequence, a considerable number of people have received notices that their personally identifiable information has been improperly disclosed.

There are three reasons for breach notification laws to exist. One is common courtesy: when one loses something that belongs to someone else, one should tell that person. The customary corporate attitude before there were laws was that people wouldn't notice, and if they didn't notice then they wouldn't be told. Another reason is that notification provides statistics to security researchers on how pervasive the problem really is. And finally, it forces companies to improve their security. The problem with companies protecting data is that it isn't in their financial best interest to do so. That is, the companies are responsible for protecting sensitive data, but bear none of the costs if the data is compromised. Individuals suffer the harm, but they have no control over, or even knowledge of, the company's security practices. "The idea behind such laws, and how they were sold to legislators, is that they would increase the cost -- both in bad publicity and the actual notification -- of security breaches, motivating companies to spend more to prevent them. In economic terms, the law reduces the externalities and forces companies to deal with the true costs of these data breaches" (Schneier, 2009).

Identity theft entails the misuse of any individually identifying information to commit a violation of federal or state law. With continued media reports of data security breaches, concerns about identity theft are widespread (Stevens, 2012). Identity theft is an increasingly common crime in which a criminal obtains a victim's Personal Identifying Information (PII) to commit fraud or other crimes. The daily news is full of these stories, ranging from anecdotal tales of an individual's stolen identity to lapses in security surrounding sensitive consumer data (Paul, 2006).

There is a wide range of federal laws that relate to identity theft. Laws can be grouped into four main categories: identity theft specific laws, false identification laws, privacy and personal data laws, and credit law. Identity theft specific laws are those that were designed and enacted to criminalize the act of identity theft. "False Identification laws deal specifically with fraud in connection with personal identifying documents. Privacy and personal data laws can help prevent identity theft by regulating how personal identifying information (PII) is collected and disseminated" (Paul, 2006). Laws regarding credit directly impact victims of identity theft, as those individuals must restore their credit ratings and limit their liability for unauthorized debts.

With the ever-increasing capability of data and information to be transported via the web, it is increasingly important for entities to be aware of the laws and regulations that deal with the security of data, both those in place and those that might be coming. Entities that deal with data must know what they have to keep secure and how they must keep it that way in order to protect the integrity not only of the data they use but of their company in general. The advancement of technology has led to the growth of the data security industry, which has in turn led to this area becoming more vital every day. Data security is here to stay and is only going to get more complicated as technology continues to advance and grow.

References

Data disposable laws. (2012). Retrieved from http://www.ncsl.org/issues-research/telecom/data-disposal-laws.aspx

Disposing of data -- Do it responsibly. (2010). Retrieved from http://www.bbb.org/data-security/disposing-of-data/laws-and-regulations/

Data destruction laws. (2007). Retrieved from http://blawg.scottandscottllp.com/businessandtechnologylaw/2007/10/data_destruction_laws.html

Schneier, B. (2009). Breach Notification Laws. Retrieved from http://www.schneier.com/blog/archives/2009/01/state_data_brea.html

Paul, S.R. (2006). Features - identity theft: Outline of federal statutes and bibliography of select resources. Retrieved from http://www.llrx.com/features/idtheftguide.htm

Stevens, G. (2012). Data security breach notification laws. Retrieved from http://www.fas.org/sgp/crs/misc/R42475.pdf

Part 2

Most organizations know that it is important to guard their data and resources from loss or damage due to theft, human or computer error or malicious intent. There are numerous steps that can be taken to limit the…


Cite This Term Paper:

APA Format

Legislative Ethical and Legal Regulatory Compliance.  (2012, August 13).  Retrieved October 19, 2019, from https://www.essaytown.com/subjects/paper/legislative-ethical-legal-regulatory/6190078
