The laws, regulations, and mandates about the protection of computer-related information are as follows:
The U.S. Fair Credit Reporting Act of 1970 deals with consumer reporting agencies.
The U.S. Racketeer Influenced and Corrupt Organization (RICO) Act of 1970 that refers to criminal and civil crimes involving racketeers affecting the operation of legitimate businesses; crimes detailed in this act: mail fraud, securities fraud, and the use of a computer to perpetrate fraud.
The U.S. Code of Fair Information Practices of 1973 pertains to personal record keeping.
The U.S. Privacy Act of 1974 corresponds to federal agencies; provides protected information about private individuals contained in federal databases, and allows access to these databases. This Act appoints the U.S. Treasury Department with the duties of applying physical security practices, information management methods, and computer and network controls.
The Foreign Intelligence Surveillance Act of 1978 (FISA) covers electronic monitoring and physical searches. It allows for electronic surveillance and physical searches without a required search warrant in cases of international terrorism, spying, or acts of sabotage that are conducted by a foreign authority or its agent and is not intended for use in prosecuting U.S. citizens.
The Organization for Economic Cooperation and Development (OECD) Guidelines of 1980 addresses data collection limitations, data integrity, specifications of the purpose for data collection, data use restrictions, information security safeguards, transparency, participation by the individual on whom the data is being collected, and accountability of the data controller.
The Medical Computer Crime Act of 1984 involves illegal access or modification of electronic medical records through phone or data networks.
The Federal Computer Crime Law of 1984 was the first computer crime law passed in the U.S. and was enhanced in 1986 then modified in 1994. This law acknowledges classified defense or foreign relations information, records of financial institutions or credit reporting agencies, and government computers. Unlawful access or access that abuses authorization became a felony for classified information and a misdemeanor for financial information. This law made it a misdemeanor to willingly access a U.S. Government computer illegally or beyond authorization if the U.S. government’s use of the computer would be affected.
The Computer Fraud and Abuse Act of 1986 was amended in 1996 and enhanced Federal Computer Crime Law of 1984 by introducing three new crimes:
- When use of a federal interest computer assists an intended fraud.
- When modifying, corrupting, or destroying information in a federal interest computer or blocking the use of the computer or information resulting in a deficit of $1,000 or more or could thwart medical treatment.
- Trafficking in computer passwords if it affects interstate or foreign commerce or allows unlawful access to government computers.