E-Commerce: Legal and Practical Issues Legal Issues: Security – December 2, 2005 Stephen M. Foxman Philadelphia.

Security – Federal Legislation
- Computer Fraud and Abuse Act, 18 U.S.C. § 1030
- Identity Theft and Assumption Deterrence Act of 1998; amends 18 U.S.C. § 1028
- Gramm-Leach-Bliley requirements for financial institutions (Public Law ), 15 U.S.C. § 6801 et seq.
- HIPAA requirements for healthcare services: Health Insurance Portability and Accountability Act of 1996
- Children’s Online Privacy Protection Act of U.S.C. § 6501 et seq.
- Federal Trade Commission Act

Security – Federal Legislation
Federal focus on protecting infrastructure
- USA Patriot Act
- Creation of the National Infrastructure Protection Center
- Maritime Transportation and Security Act of 2002
- Sarbanes-Oxley Act of 2002

Security – State Legislation
Pennsylvania legislation
- Wiretapping and Electronic Surveillance Control Act, 19 Pa.C.S.A. § 5701 et seq.
- Hacking and Similar Offenses, 18 Pa.C.S.A. § 7611 et seq.
  - Computer Theft (unlawful access), § 7613
  - Unlawful Duplication of Computer Data, § 7614
California SB1386: law relating to disclosure to the public if private information is hacked or inadvertently disclosed to third parties (effective July 1, 2003)

SOX and Security
Moving away from the business judgment rule – Delaware law
- Old law: directors not obligated to ferret out wrongful conduct
  - Graham v. Allis-Chalmers Mfg. Co., 188 A.2d 125, 130 (Del. 1963) (directors have no duty affirmatively to seek out corporate employees’ wrongdoing)

SOX and Security
- New law: directors must develop internal programs to assure compliance with laws
  - Smith v. Van Gorkom, 488 A.2d 858 (Del. 1985) (board decision must be “informed”)
  - Kahn v. MSB Bancorp, Inc., 24 Del. J. Corp. L. 266 (Del. Ch. 1998) (protection under the business judgment rule may be lost through gross negligence)
  - In re Caremark International Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996) (even though directors and officers may not be liable for wrongdoing that they have no reason to suspect, they have an affirmative duty to establish a compliance system)

SOX and Security
Moving away from the business judgment rule – criminal sentencing
- Sentencing Reform Act of 1984: Organizational Sentencing Guidelines cited in Caremark as evidencing the need for corporations to adopt effective compliance programs to detect violations of law
- U.S. Sentencing Commission (Jan. 10, 2003) adopts emergency plan for harsher sentences in corporate crime cases
- Advisory Commission (Oct. 7, 2003) report to the U.S. Sentencing Commission on sentencing organizations recommends more sophisticated compliance programs

SOX and Security
Moving away from the business judgment rule – duties under SOX
- Section – SEC must prescribe rules requiring annual reports to contain an “internal control report” stating management’s responsibility “for establishing and maintaining an adequate internal control structure and procedures for financial reporting” and assessing the “effectiveness” of such structure and procedures
- Requires management to assess and implement internal controls for the security of MIS and for business process security; responsibility likely lies with the audit committee

SOX and Security
Moving away from the business judgment rule – duties under SOX
- Section – public companies must disclose, on a rapid and current basis, such additional information concerning material changes in the financial condition or operations of the issuer as is necessary to protect investors and the public interest
- Section 302 – certifications required from executives; covers internal controls
- Directors, and the audit committee in particular, must develop a risk assessment and response to protect the company’s information infrastructure in order to meet the new standards

SOX and Security
Developing and implementing appropriate security procedures
- National Institute of Standards and Technology 800 Series
  - Supports the implementation of the Federal Information Security Management Act (FISMA) of 2002
  - Focused on federal information systems, but relevant to private systems, processes and assessment issues
  - For more information