Unit 9: Privacy Laws, Penalties, and Privacy Issues
As information security evolves, laws designed to secure information are also evolving. Whether in the workplace or on social networking sites, individuals around the world want their privacy protected. Countries are enacting laws to protect the privacy of their citizens, and organizations that experience a successful data breach are finding the breach costly not only monetarily but also to their reputation. This unit will discuss the importance of electronic data privacy protection, global privacy laws, some areas and issues of online privacy, and the penalties and adverse effects of a data breach on organizations.
Completing this unit should take you approximately 3 hours.
9.1: Electronic Data Privacy Protection
A great deal of personal data is collected and stored electronically today. Personal data is considered private, and the protection of this data may be mandated by law. Some, but not all, countries have developed laws to protect privacy. As a security professional, you will be expected to know the laws that pertain to your organization and how to protect the data collected according to the local laws. This unit discusses how privacy data is collected via electronic devices and describes some laws that have been written to protect the privacy of individuals.
9.2: Global Privacy Laws
The jurisdiction of privacy laws is usually specific to the country where they are written. Currently, there are no global privacy laws, but there is one European Union (EU) privacy law with a long reach: the European General Data Protection Regulation (GDPR). This privacy law, as well as some other important privacy laws of the United States, will be discussed in this section. Information security professionals must understand global privacy laws to determine whether those laws must be enforced in their agency. For example, if your organization collects privacy data from EU citizens, that data is protected by the GDPR. Due to the way the GDPR is written, even if your company is located outside the EU, the privacy data collected on EU citizens must be protected. Other laws do not have such a long reach but must be followed to avoid being penalized.
Unit 9 Assessment
- Receive a grade