Identification should include, but not be limited to
- national laws, regulations, policies, and/or standards, such as
- Privacy Act of 1974
- Electronic Communications Privacy Act of 1986
- Counterfeit Access Device and Computer Fraud and Abuse Act of 1984
- Cybersecurity Information Sharing Act of 2015 (CISA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Telecommunications Act of 1996
- Gramm-Leach-Bliley Act
- Family Educational Rights and Privacy Act (FERPA)
- Sarbanes-Oxley Act of 2002
- international laws and standards (e.g., European Union and Information Security Directive).
Process/Skill Questions:
- What event(s) led to the enactment of the Sarbanes-Oxley Act of 2002?
- What is FERPA? Under FERPA, does the education agency get to determine what education records to create and keep?
- Do HIPAA security rules apply to information transmitted by non-technological means?