US Laws and Regulations

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> US Laws and regulations.
00:00
In this lesson, we're going to talk about
00:00
the major US laws regarding data and industry.
00:00
We want you to be able to identify
00:00
applicable data and industries that
00:00
are impacted by each law.
00:00
Now, in the context of this exam,
00:00
you're not expected to be a legal scholar,
00:00
you really are expected to
00:00
understand and be able to identify
00:00
the major US laws that impact
00:00
and protect data that's in the Cloud.
00:00
Those laws are really as follows.
00:00
The first one is the Gramm-Leach-Bliley Act.
00:00
This is an act regarding banking transparency
00:00
and how banks and insurance companies could combine.
00:00
The act really is applicable to the banking sector.
00:00
Anytime you hear banking,
00:00
you think Gramm-Leach-Bliley Act.
00:00
Then there's the Sarbanes-Oxley.
00:00
Sarbanes-Oxley was a regulation
00:00
regarding the financial industry
00:00
and it has specific security standards regarding
00:00
how customer information has to be protected.
00:00
So whenever you think financial services,
00:00
whether it's publicly traded
00:00
companies or companies that
00:00
are handling financial information
00:00
on behalf of customers,
00:00
we want to think about Sarbanes-Oxley.
00:00
Then there's the Health Insurance Portability
00:00
and Accountability Act, HIPAA.
00:00
Anything dealing with
00:00
people's personally identifiable information regarding
00:00
health is covered by HIPAA.
00:00
Many medical institutions or institutions that
00:00
process health care data on behalf of
00:00
medical institutions really fall under HIPAA.
00:00
Then there's the Family Educational Rights
00:00
and Privacy Act, FERPA.
00:00
This applies to the data of
00:00
students who are under the age of 18 and requires
00:00
that educational institutions or
00:00
any applications that process
00:00
student data get access and per our site,
00:00
get permission from students' parents
00:00
before sharing that data with anyone.
00:00
Then there's the Digital Millennium Copyright Act,
00:00
and this we've really talked about in
00:00
depth in our data on data protection.
00:00
We talked about intellectual property concepts
00:00
within the United States.
00:00
Well, this act updated
00:00
US intellectual property protections to
00:00
extend those protections into cyberspace,
00:00
like the dawn of the internet.
00:00
US law had to be updated to ensure that
00:00
intellectual protections extended to cyberspace.
00:00
One that's directly applicable
00:00
to the cloud is Clarifying
00:00
Lawful Overseas Use of Data, the CLOUD Act.
00:00
The aim of this law is to
00:00
enable or compel companies to be
00:00
transparent about where data may be you're
00:00
residing in overseas and overseas data centers.
00:00
It's really designed to help customers
00:00
be able to see where data is in
00:00
cloud provider data centers and
00:00
understand the risks that may be associated with
00:00
that when it comes to the privacy and
00:00
differences in regulations amongst nations.
00:00
Quiz question, which of
00:00
the following laws controls the
00:00
sharing of student data?
00:00
Is it FERPA, HIPAA, or SOX?
00:00
If you said FERPA, you're correct,
00:00
this law relates to
00:00
the disclosure of student information
00:00
for students that are under the age of 18.
00:00
HIPAA, that is related to
00:00
health care information and SOX,
00:00
Sarbanes-Oxley, relates to
00:00
financial services
00:00
and the protection of customer information.
00:00
In summary, we talked about
00:00
the major US laws regarding data protection.
00:00
We talked about the data in
00:00
industries that are regulated by US law.
00:00
We talked about the impact of
00:00
those regulations in Cloud environments.
00:00
Namely that you have to understand
00:00
any data that is covered under these various laws,
00:00
and make sure that you are
00:00
faithfully adhering to the regulations.
00:00
Because we really want to prevent
00:00
any data or regulatory failures
00:00
that may impact your brand,
00:00
impact your customers first and foremost,
00:00
and result in patent fees and penalties.
00:00
I'll see you in the next lesson.