
Slide 1: IT Security-related Legislation
Judy Borreson Caruso, CUMREC 2004, May 18, 2004
Copyright Judy Borreson Caruso, 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.


Slide 3: Presentation Outline
– IT Security-related Legislation: what is it?
– Why now?
– Impact on higher education (HE)
– General overview of legislation
– Focus on a few laws related to e-signature
– How HE is responding
– What you should do
– Resources

Slide 4: IT Security-related Legislation: what is it?
– Includes laws, administrative code, FTC regulations, rulings, etc.
– Focus is on the Internet, but there is no such thing as "Internet law"
– Disparate federal and state laws, with confusing relationships between them
– Limited case law

Slide 5: Why now?
– 9/11 fallout
– Explosion in Internet use
– Commercialization of the Internet
– Web usage makes it easy to violate copyright

Slide 6: Why now?
– Increased interest in:
   – Protecting confidentiality and privacy
   – Protecting copyright
– New technologies enable:
   – Spam
   – Peer-to-peer file sharing
   – Viruses, worms and hacks

Slide 7: How do they impact higher ed?
– Laws are often created for other industries:
   – HIPAA for health insurance
   – GLBA for financial services
– Higher ed operates in multiple industries:
   – Loans
   – Health care
   – Debit cards
   – Publication
   – Research discovery
   – Education
– Need legal counsel and audit

Slides 8–12: Overlap Among IT Security-Related Laws
Prepared by Judy Caruso, judy.caruso@doit.wisc.edu. Copyright © 2004, University of Wisconsin Board of Regents.
[Diagram: built up over five slides, each adding a layer of laws and the higher-ed activity areas they touch. Only the labels survive in this transcript.]
– Slide 8: "In the beginning there was FERPA..." (FERPA only)
– Slide 9 adds Business Processes and Electronic Records: GLBA, UETA, E-SIGN, SOX, CAN-SPAM
– Slide 10 adds Anti-Terrorism and Law Enforcement: U.S.A. PATRIOT Act, CDC Select Agent Program, Bioterrorism Protection Act, ECPA, CFAA
– Slide 11 adds Copyright and Instruction: DMCA, TEACH
– Slide 12 adds Research, Health and Human Subjects: HIPAA

Slide 13: E-Signature Legislation
– Student loan e-signature regulations
– FERPA e-signature regulations
– E-Sign Act (Electronic Signatures in Global and National Commerce Act)
– UETA (Uniform Electronic Transactions Act)
All are procedural statutes.

Slide 14: E-Signature Rules for Student Loans
– Issued by the Department of Education in 2001
– Creates standards for e-signatures in student loan transactions
– Created the FAFSA PIN service (Free Application for Federal Student Aid)

Slide 15: E-Signature modification to FERPA
– Proposed in 2003; effective May 24, 2004
– "Signed and dated written consent" may include a record and signature in electronic form. It must:
   – Identify and authenticate a person as the source of the consent
   – Indicate the person's approval
– Technology neutral
– Refers to the student loan standards as an acceptable standard
– Specifically acknowledges the existence of the E-Sign Act

Slide 16: E-Sign Act (Electronic Signatures in Global and National Commerce Act)
– A signature, contract or other record may not be denied legal effect solely because it is in electronic form
– Has consent requirements
– States cannot pre-empt E-Sign except by enacting UETA

Slide 17: UETA (Uniform Electronic Transactions Act)
– State law, passed by 44 states
– Allows use of electronic records and electronic signatures
– Drafted specifically to remove barriers to electronic commerce

Slide 18: How do these e-signature rules/laws interact?
– UETA/E-Sign overlap:
   – UETA has provisions not in E-Sign
   – E-Sign has provisions not in UETA
   – E-Sign permits states to pre-empt it if they have passed UETA
   – Both are technology neutral
   – Both require consent, but E-Sign goes further

Slide 19: How do these e-signature rules/laws interact?
– E-Sign extension to student loans and FERPA:
   – The 2001 student loan rule is referred to in the FERPA rule
   – For student records, some institutions had already implemented e-signature before the FERPA change
   – The FERPA rule is more specific than E-Sign but refers to it
– E-Sign Act and the FERPA e-signature rule:
   – Both have consent requirements

Slide 20: How are institutions implementing E-Signature?

Slide 21: What we're doing at Wisconsin
– Discussing!
– Consent for each individual transaction, or for a group of transactions?
– Do the E-Sign and FERPA e-signature rules complement each other?
– When in doubt, ask for consent

Slide 22: Institutional approach and costs
– Dedicate staff
– Get a lawyer, security officer and internal audit involved
– Compliance penalties
– Cost of a breach:
   – Real dollars
   – Institutional reputation
   – Cost of communication
   – Loss of trust

Slide 23: Overall steps you can take
– Involve CIOs and institution executives
– Discuss with campus legal, auditors and security officers
– Work with functional users

Slide 24: Steps you can take
1. Institutional assessment
2. Review what other institutions are doing
3. Look at advice from EDUCAUSE, NACUBO, etc.
4. Review state and local law, as well as federal

Slide 25: Steps you can take
5. Create security policies and best practices
6. Assess individual systems and procedures, for example:
   – Printing SSNs
   – Sending unencrypted patient information
   – Data warehouse use
   – Obsolete authorizations
   – Etc.
7. Assess system integration processes and procedures

Slide 26: Steps you can take
8. Educate staff regarding copyright, laws, and protecting confidentiality and privacy
9. Understand the interaction between electronic records and physical security; work with police
10. Prioritize, addressing the areas with the greatest problems and largest vulnerabilities first
11. Monitor and enforce policies and procedures

Slide 27: What to do first
– Institutional assessment:
   – Who's working on this?
   – Overall compliance
– Education and training

Slide 28: Resources
– http://wiscinfo.doit.wisc.edu/policy
– http://www.sce.cornell.edu/exec/cpl.php
– http://www.educause.edu/cg/security.asp
– http://educause.edu/policy
– http://www.sans.org/resources/policies
– http://www.utsystem.edu/ogc/intellectualproperty/
– http://www.itc.virginia.edu/pubs/docs/RespComp/resp.comp.html
– http://www.doit.wisc.edu/security/policies/rules.asp

