International Traffic in Arms Regulations (ITAR)
USA - State Department prohibitions on defense-related exports. This can include cryptographic systems.
Export Administration Regulations
Department of Commerce
Control: dual-use goods/software/technology that are predominantly civilian in nature but may have military applications.
Also: Anti-boycott provisions
The Wassenaar Arrangement
A group of 41 countries that have agreed to notify the others when military shipments are made to non-member countries.
Brewer-Nash model
Regarding employees in a shared datacenter - an employee's previous access to data determines their future access levels. This concerns their access to customer data: if they had access to Customer A's data in the past, they should not get access to Customer A's competitors' data after that. (Also known as the Chinese Wall model)
The Electronic Communication Privacy Act (ECPA)
Enhance laws restricting the government from placing wiretaps on phone calls, updating them to cover electronic communications in the form of data.
The Stored Communications Act (SCA, Title II of the Electronic Communications Privacy Act)
Restrict government from forcing ISPs to disclose customer data the ISP might possess.
Gramm-Leach-Bliley Act (GLBA)
Allow banks to merge with and own insurance companies. Included in the law were stipulations that customer account information be kept secure and private, and that customers be allowed to opt out of any information-sharing arrangements the bank or insurer might engage in.
Sarbanes-Oxley Act (SOX)
Increase transparency into publicly traded corporations' financial activities. Includes provisions for securing data and expressly names the traits of confidentiality, integrity, and availability.
Health Insurance Portability and Accountability Act (HIPAA)
Protect patient records and data, known as electronic protected health information (ePHI).
Family Educational Rights and Privacy Act (FERPA)
Prevent academic institutions from sharing student data with anyone other than parents of students (up to age 18) or the students (after age 18).
The Digital Millennium Copyright Act (DMCA)
Update copyright provisions to protect owned data in an Internet-enabled world. Makes cracking of access controls on copyrighted media a crime, and enables copyright holders to require any site on the Internet to remove content that may belong to the copyright holder.
Stored Communications Act (18 U.S.C. Chapter 121, §§ 2701-2712)
Addresses both voluntary and compelled disclosure of stored wire and electronic communications and transactional records held by third parties. It further provides privacy protection for certain electronic communications and computing services against unauthorized access or interception by government entities. It was designed as an extension of the protections previously offered by the Computer Fraud and Abuse Act (CFAA) of 1986, and as a means to enhance and update earlier "wiretap" statutes.
Health Insurance Portability and Accountability Act (HIPAA)
The primary purpose of the law when it was enacted was to make it easier for people to keep health insurance policies, protect the confidentiality and security of their healthcare information, and help the healthcare industry control administrative costs.
Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009
Provided financial incentives for medical practices and hospitals to convert paper record-keeping systems to digital.
GLBA
Requires financial institutions to have a written Information Security Plan. Later FDIC revisions require that an Information Security Officer be named and given adequate resources to implement the plan.