The Council Directive (Law) on Data Protection for the European Union (EU) of 1995 declares that each EU nation is to apply protections similar to those of the OECD Guidelines.
The Economic and Protection of Proprietary Information Act of 1996 corresponds to industrial and corporate espionage and expands the definition of property to include proprietary economic information in order to include the theft of this information.
The Kennedy-Kassebaum Health Insurance and Portability Accountability Act of 1996 (HIPAA) addresses the concerns of personal health care information privacy, security, transactions and code sets, unique identifiers, and health plan portability in the United States.
The National Information Infrastructure Protection Act of 1996 amended the Computer Fraud and Abuse Act of 1986 and is modeled after the OECD Guidelines for the Security of Information Systems. It works with the safeguarding of confidentiality, integrity, and availability of data and systems. This path is designed to encourage other countries to adopt a similar framework, creating a more systematic approach to handling computer crime in the existing global information infrastructure.
The Information Technology Management Reform Act (ITMRA) of 1996 is also known as the Clinger-Cohen Act, and frees the General Services Administration of responsibility for procurement of automated systems and contract appeals. OMB is designed to provide guidance, policy, and control for information technology procurement. With the Paperwork Reduction Act, as enhanced, this Act delineates OMB’s responsibilities for overseeing agency practices regarding information privacy and security.
The Title I, Economic Espionage Act of 1996 deals with the numerous acts of economic espionage and the national security components of the crime. The theft of trade secrets is also defined in the Act as a federal crime.
The Digital Millennium Copyright Act (DMCA) of 1998 inhibits trading, manufacturing, or selling in any way that is designed to override copyright protection mechanisms. It also addresses ISPs that unknowingly support the posting of copyrighted material by subscribers. If the ISP is alerted the material is copyrighted, the ISP must remove the material. Additionally, if the posting party proves that the removed material was of “lawful use,” the ISP must restore the material and notify the copyright owner within 14 business days. Two important rulings regarding the DMCA were made in 2001. The rulings involved DeCSS, which is a program that bypasses the Content Scrambling System (CSS) software used to prevent the viewing of DVD movie discs on unlicensed platforms.
The Uniform Computers Information Transactions Act of 1999 (UCITA) is concerned with libraries’ access to and use of software packages, as well as the licensing practices of software vendors.
The Electronic Signatures in Global and National Commerce Act of 2000 (“ESIGN”) is concerned with the use of electronic records and signatures in interstate and foreign commerce. It protects the validity and legal effect of contracts entered into electronically. A key provision of the act mandates that businesses obtain electronic consent or confirmation from consumers to receive information electronically that a law normally requires to be in writing. The legislation is intent on protecting the consumers’ rights under consumer protection laws and went to extensive measures to meet this goal. Thus, a business must receive confirmation from the consumer in electronic format that the consumer consents to receiving information electronically formerly in written form. This provision assures that the consumer has access to the Internet and understands the basics of electronic communications.
The Provide Appropriate Tools Required to Intercept and Obstruct Terrorism (PATRIOT) Act of 2001 allows for the subpoena of electronic records, the monitoring of Internet communications and the search and seizure of information on live systems, backups, and archives.
The Generally Accepted Systems Security Principles (GASSP) are not established laws but are considered principles that have a foundation in the OECD Guidelines, and states:
- Computer security supports the mission of the organization.
- Computer security is an integral element of sound management.
- Computer security should be cost-effective.
- Systems owners have security responsibilities outside their organizations.
- Computer security responsibilities and accountability should be made explicit.
- Computer security requires a comprehensive and integrated approach.
- Computer security should be periodically reassessed.
- Computer security is constrained by societal factors.
The E-Government Act Title III, the Federal Information Security Management Act of 2002 (FISMA) deals with information security controls over information resources that support Federal operations and assets.