Impacting Laws, Regulations and Contractual Obligations for Critical Information Assets
Essay by review • February 21, 2011 • Research Paper • 1,253 Words (6 Pages) • 1,454 Views
Essay Preview: Impacting Laws, Regulations and Contractual Obligations for Critical Information Assets
Two identified critical assets include the social security number and the credit card. The countermeasure for both the assets will be analyzed from companies and customers point of view in this paper by exploring impacting laws, regulations and contractual obligations relative to the same.
Impacting laws , regulations and contractual obligations for SSN
• Privacy ACT 1974
• SSN regulations governing data and security
• Internet privacy policy
• California Civil Code Ð'§1798.85
• Fair credit reporting act
Interpretation of the laws, regulations and obligation for the counter measures
Monitoring of SSN by credit bureau
As per the Privacy Act of 1974 all government agencies whether they are federal, state or local they are required to provide a "disclosure" statement on the form which explains whether you are required to provide your SSN or if it’s optional, how the SSN will be used, and under what statutory or other authority the number is requested (5 USC 552a, note). The U.S. Office of Management and Budget, Office of Information and Regulatory Affairs (OIRA) provides guidance and oversight regarding the Privacy Act of 1974 (Privacy rights clearing house, 2008) . In this case of credit bureau this act is applicable to the credit agencies and it is their responsibility to govern the social security number from getting into illegitimate use or to any third party for the purpose of business.
As per the SSN regulations governing the data and information security (2005) any employees who have access to any systems or document containing SSNs have to sign a confidentiality agreement. Governing the use of internet to access the numbers, time of computer screen should be minimized and the monitor should never be left unattended. Printed document containing the social security number should not be send through normal mail unless it is permitted by law. It should not be send through email unless the social security number is encrypted.
California Civil Code Ð'§1798.85 prohibits companies from displaying the SSN in the printed mail, identity cards , or over the internet unless its encrypted (Privacy rights clearing house, 2008).
As per Fair credit reporting act Credit agencies play an important role in assembling and evaluating consumer credit and other information on consumers, they have to carry out their activities assuming grave responsibility, integrity, fairness and a respect for the consumer privacy, failure to do will spoil the customer image, social and financial stature in the society (�Fair Credit reporting act’, 2004).
In any case if the SSN have been disclosed inappropriately then the employee must immediately notify ITS who would notify the customers whose social security number have been put to risk.
As per the Internet privacy policy of the federal law does not permit the disclosure of the SSN, written authorization of the customer should be taken before giving the information to any third party.
Customers should not share their social security numbers with anyone, if they are stored in the computers it should be password protected and should not be left unattended with the computer screen. The customer should not exchange the SSN through email or should not be sent in printed form through mail.
Keep it in safe place
Electronic records which contain the social security numbers should be stored on company-owned electronic devices, and such devices must be secured against unauthorized access. As per the Internet privacy policy whenever customer is visiting the website and exchanging information about SSN company has to take reasonable precautions to maintain the security, confidentiality and integrity of the information collected (Social security.gov).
The social security number and all the relevant document containing the number should be kept in a secure place and should not be disclosed to anyone.
Impacting laws , regulations and contractual obligations for Credit cards
• Telecommunication act under Ð'§ 222
• Financial data protection Act 2005
• Card Industry Data security standards
• Gram leach billey act
• Bank Secrecy act
Interpretation of the laws, regulations and obligation for the counter measures
Call the bank to stop the credit card
With calling the bank to stop the credit card in case its stolen the following telecommunication act under Ð'§ 222. Privacy of customer information is applicable “A telecommunications carrier that receives or obtains customer proprietary network information by virtue of its provision of a telecommunications service may use, disclose, or permit access to aggregate customer information” also “A telecommunications carrier that receives or obtains proprietary information from another carrier for purposes of providing any telecommunications service shall use such information only for such purpose, and shall not use such information for its own marketing efforts”(вЂ?U.S. Code collection’, 2008).
The federal law covering the risk associated with the credit card is applicable which states that if the credit card is lost or is stolen, the customer has to call the toll free 24 hours
...
...