1. What is the difference between criminal law and civil law?

Criminal law is the body of law that deals with deliberate violations regarded as offences against society as a whole, and it carries stiff penalties. These penalties are defined and enforced by the governing body. Civil law is the body of law that is available for use by the average citizen: under civil law, an individual who feels he or she has been wronged can take action against the person or business they believe wronged them.

2. What Acts are in place that deal with computer security?

The NIIPA (National Information Infrastructure Protection Act) of 1996 and the Computer Fraud and Abuse Act of 1986 are the two key pieces of legislation enacted by the government. NIIPA was mainly used to update the Computer Fraud and Abuse Act and make its penalties stiffer.
3. What effect does HIPAA have on computer security?

The Health Insurance Portability and Accountability Act of 1996, also known as the Kennedy-Kassebaum Act, affects organizations that keep any kind of medical records on computers. This means that all medical offices must have certain security measures in place to ensure the integrity and confidentiality of patient information. Also, any organization that keeps employee health records, whether or not the business is related to the medical field, must implement the same minimum security measures to ensure the same integrity and confidentiality. In short, this Act says that any organization holding employee health information must secure it just as hospitals or insurance agencies must secure it.
4. If I work for a bank or credit union, what regulations apply to how I use financial information?

Banks and credit unions should look to the Gramm-Leach-Bliley Act of 1999 for policies regarding how financial information should be used. This Act ensures that every bank or credit union must make its privacy policy public knowledge; that is, it must disclose its stance on sharing personal information with other organizations. It also states that before an institution can share any personal information with other organizations, the customers must be notified so that each customer can decide whether or not they want their information to be shared. These privacy policies must be stated when a business relationship begins and every year thereafter.

5. Is it illegal to use encryption? Will I look like a criminal?

It is legal to use encryption for personal use, and it cannot be assumed that because encryption was used a crime should be suspected. However, there are bills in the House that may increase the penalty for a crime if encryption is used in furtherance of that crime. There are also export restrictions on encryption, but these do not apply to American citizens travelling abroad as long as the encryption is only for personal use.

6. What is the difference between Policy and Law?

A policy is a written set of rules within an organization that states what an employee can and cannot do. It is like a set of laws, but most of these rules apply only within that organization. A few of the rules may actually be laws that could be enforced by the state, but for the most part an organization regulates and enforces its own rules without involving the government. A law is a written set of rules enforced by the government, and violations can be prosecuted at the state's discretion. Penalties vary under both categories. For example, violating an organizational policy could result in contract termination; however, the violation may not be illegal, and in that case no punitive action would be taken by the state.

7. What are due care and due diligence, and why are they important to my organization?

Due care and due diligence are the actions taken by an organization to show that it put forth its best effort to provide adequate information security. They protect an organization from lawsuits because the organization can show that it took the necessary steps to provide adequate security. An organization must try to be secure, and as long as it makes its best effort to maintain security, it is less likely to be held liable should something happen to compromise information.