StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Data Protection Laws, Regulations, and Policies - Essay Example

Cite this document
Summary
Running Head: DATA PROTECTION LAWS, REGULATIONS, AND POLICIES Protective Measures [Name of Student] [Name of Institution] Introduction In the United States of America, a sectoral system is used in the application of the legislations, regulations, laws, and policies on data protection…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER94.3% of users find it useful
Data Protection Laws, Regulations, and Policies
Read Text Preview

Extract of sample "Data Protection Laws, Regulations, and Policies"

Running Head: DATA PROTECTION LAWS, REGULATIONS, AND POLICIES Protective Measures of Introduction In the UnitedStates of America, a sectoral system is used in the application of the legislations, regulations, laws, and policies on data protection. According to this approach, a combination of federal and state legislations, regulations, as well as self-regulation is applied. In fact, the U.S government emphasizes the need for the private sector players to lead in the implementation of state, federal, and self-regulations of data protection.

The many issues brought about by computer and internet technologies have necessitated the formulation, implementation, and reformation/amendments of various federal and state legislations, policies, and standards of data protection in the United States (Simons, 2009). Among these policies are Sarbanes-Oxley Act [SOX], Data Protection Act, Federal Information Security Management Act [FISMA], California Security Breach (SB) Information Act, Massachusetts 201 CMR 17.00, and Public Access policy among others.

This paper thus explores and evaluates some of the legislations, policies, regulations, and standards pertaining to data protection in the U.S. In addition, the paper explores some of the strategies by which database designers and specialists may ensure compliance with state and federal policies and legislations regarding data protection. Federal Information Security Management Act (FISMA) FISMA is one of the legislations by which the United States protects the nation’s information systems/infrastructure.

To achieve this objective, the Act was set on certain visions including the need to initiate and promote the development of core security policies, guidelines, and standards that would promote the formulation and the implementation of information security strategies and policies (U.S Department of Internal Security, 2002). In this regard therefore, the Act sets standards for the categorization of not only data but also entire information systems, depending on their missions and impacts on U.S citizens.

In addition, the Act sets guidelines and standards for the minimum security requirements for information/data systems. Moreover, the Act provides procedures for the assessment of security controls for data systems and their effectiveness in the various departments and sectors concerned. The other important function of this Act is to provide guidance and regulations on the necessary security authorizations for various information and information systems and the monitoring of the same security controls and authorizations (U.

S Department of Internal Security, 2002). The Personal Data Privacy and Security Act of 2009 The Personal Data Privacy and Security Act is the other Act that addresses data protection in the United States of America. This Act requires that organizations and government agencies adhere to certain rules and regulations that protect personal and sensitive data of citizens. To this effect, these agencies and organizations are required to establish and apply risk assessments and vulnerability test measures for controlling data access and protecting sensitive data.

Therefore, organizations and government agencies are required to institute mechanisms by which unauthorized data access are logged and detected, whether data systems are at rest or in transit (Wu et al., 2009). In fact, in cases of data breaches, this Act requires that government agencies such as the Secret Service, the FBI, or the CIA, and the individuals affected are informed. Importantly, the Act provides for strict penalties for data breaches, identity theft, and other related fraud. However, the Act provides for exemptions, for instance, in cases where a breach may not be reported to an individual or the concerned agencies if it would hinder or jeopardize a criminal investigation (U.

S Department of Internal Security, 2002). Among the state laws that protect data include the Massachusetts General Law’s new regulation 201 CMR17.00 that calls for companies and individuals that use, access, or store personal information of Massachusetts’ citizens have well-audited and written strategies and plans to protect all personal data under their care. This law, which became effective on March 1, 2010, applies equally to both paper and electronic records. Just like the Personal Data Privacy and Security Act of 2009, the Massachusetts’s 201 CMR 17.

00 law focuses on identity theft and fraud. Among the core functions of this law is thus to punish organizations that leak or capture personal data, for example, by way of fines (The Commonwealth of Massachusetts, 2011). Conclusion In connection with the above functions of the FISMA and other similar Acts, standards, regulations, and policies, organizations should ensure compliance with these regulations by establishing and implementing certain data protection strategies. First, organizations’ database designers and specialists should develop and implement data security programs that are not only cost-effective but are also risk-based in the sense that they would not incur risks and costs due to non-compliance with federal and state regulations and laws.

The levels of information system security and control should take into account all legal considerations by being attentive to the conditions of state and federal data protection agencies, thus offering the much needed support to federal and state governments in protecting data. Additionally, the application of data security controls across an organisation should be consistent, comparable, and reproducible/repeatable, and cost-effective (Sanders, 2006). Database designers and specialists should also be trustworthy, especially in situations where they are authorized to access certain vital data.

This strategy or trait would ensure that only permitted and informed security authorization and decision-making are achieved. Importantly, organizations/agencies must initiate changes that would ensure employee/resident personal data are secured, to avoid data breaches and possible punishment (Hill, 2009). References Hill, J. S. (2009). Is It Worth It? Management Issues Related to Database Quality. Cataloging & Classification Quarterly, 46 (1), 26. Sanders, A. K. (2006). Limits to Database Protection: Fair Use and Scientific Research Exemptions.

Research Policy, 35 (6), 874. Simons, N. (2009). Surviving a Records Audit: 6 Steps to Prepare Your Organization. Information Management Journal, 43 (4), 38. The Commonwealth of Massachusetts (2011). General Laws: Security Breaches. Retrieved on March 2, 2012 from http://www.malegislature.gov/Laws/GeneralLaws/PartI/TitleXV/Chapter93H U.S Department of Internal Security (2002). Federal Information Security Management Act (FISMA). Retrieved on March 2, 2012 from http://www.marcorsyscom.usmc.mil/sites/pmia%20documents/documents/Federal%20Information%20Security%20Management%20Act%20 (FISMA).

html Wu, J. et al. (2009). Necessary and Sufficient Conditions for Transaction-Consistent Global Checkpoints in a Distributed Database System. Information Sciences, 179 (20), 3659.

Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Data Protection Laws, Regulations, and Policies Essay”, n.d.)
Data Protection Laws, Regulations, and Policies Essay. Retrieved from https://studentshare.org/information-technology/1443993-protective-measures
(Data Protection Laws, Regulations, and Policies Essay)
Data Protection Laws, Regulations, and Policies Essay. https://studentshare.org/information-technology/1443993-protective-measures.
“Data Protection Laws, Regulations, and Policies Essay”, n.d. https://studentshare.org/information-technology/1443993-protective-measures.
  • Cited: 0 times

CHECK THESE SAMPLES OF Data Protection Laws, Regulations, and Policies

Law and Policy Case Study

In many organization, the triad of factors—rules, regulations and policies constitute the entire framework the promote information security (Martin, & Khazanchi, 2006).... This proposal looks the impact of organization laws, regulations, and policies in maintaining confidentiality, integrity, and availability.... Given the vital role of information security, many organizations protect their information using strategies such as policies, laws, and regulations....
3 Pages (750 words) Case Study

Health Law and Regulations

In general, these policies aim at observing quality, enabling access, controlling competition and costs and improve the healthcare industry.... Health Law and regulations Institution Date Introduction Law is a set of rules governing the conduct associated with recognition and observation of individual and property rights.... hellip; These laws and regulations provide frameworks within which practitioners in this field must observe that the care of clients remains legal, the client's rights remain protected, and generally assist in maintenance of standard nursing practices by making the nurses accountable as per the law's commands....
6 Pages (1500 words) Essay

The EU and US Data Protection Approaches and their Sustainability

Instead of each country independently regulating their own information technology industry, common guidelines were instituted on where each country will base their data protection laws.... This essay describes different approaches that the United States and European Union have on data protection and data sustainability.... The US has also mounted a scathing attack at the EU data protection Directive claiming that it is fast becoming outdated and with time its practicability in implementation will deteriorate (Bercic and George, 2009)....
10 Pages (2500 words) Essay

Role of State in Data Protection

data protection is one of the primary issues in the information society where new technologies have emerged posing new threats to privacy.... However, with new technology, advanced ways of facilitating protection have also helped Governments of different countries carefully design explicit legislation to control privacy protection. … Surely maintaining the balance between the need for privacy and data protection, on the one hand, and law enforcement, on the other, is no easy task....
13 Pages (3250 words) Essay

Effects of Regulation/Deregulation in the Recent Financial Crisis

… In the course of their operations, financial institutions are subject to some governing rules and regulations by an established body.... Among the various forms of regulations that are instituted include antitrust enforcement, conflict rules, capital standards, asset restrictions, disclosure rules, interest rate ceilings, geographic and product line entries, investing and reporting requirements....
6 Pages (1500 words) Assignment

The Development of Environmental Management Systems

With the rise of this legislation and associated governmental agencies in environmental protection, the requirements for the consumer, business, and industry to abide by environmental regulations led to the development of testing and auditing procedures that would guarantee compliance over large sectors of the economy.... hellip; Environmental law builds on reform movements from the early part of the 20th Century, including consumer protection and industry regulation legislation that was enacted through the House of Commons in the protection of the public welfare and safety of workers....
6 Pages (1500 words) Term Paper

Possible Trade Restrictions For Improving Environmental Conditions

The reearch "Possible Trade Restrictions For Improving Environmental Conditions" emposes the USA's possible usage of trade restrictions to force compliance with environmental and labor standards.... The first view is based on the effect of trade sanctions on “race to the bottom theory”....
7 Pages (1750 words) Research Proposal

The European Union: the Right of Privacy

This directive set data protection standards within the EU legal order.... This paper discusses the extent to which the cooperation between the EU and the USA and their agencies affect the data protection standards and practices in China.... Compared to the privacy laws in the US and other countries, which are rather pieced-together, the EU directive is a bit different regarding its tough standards and enforcement or penalty policies.... Other countries and regions such as the US and China are trying to catch up with the EU privacy laws and regulations....
12 Pages (3000 words) Dissertation
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us