Information security breaches in the past two decades have necessitated new security-related legal and regulatory frameworks or updates to existing legal and regulatory frameworks to include security-related compliance provisions across various countries. Requirements to comply with legal and legislative frameworks have increased exponentially due to global nature of the Internet, cross-border information exchange, electronic commerce, and services. Compliance frameworks are abundant with terms and jargon that a security professional should be aware of. Following are some of the legal and regulatory frameworks, terms, and jargons that are relevant to the Information Security domain.
Common law is a law that is developed based on the decisions of courts and tribunals rather than through statutory laws (legislative statutes). The legal system that uses common law is called common law legal systems. Countries, such as the United Kingdom, the United States of America (most of the states in the USA), Canada, Australia, South Africa, India, Malaysia, Singapore, and Hong Kong follow common law.
There are three categories under common law that are generally established:
Regulatory law, also called as Administrative law, primarily deals with the regulations of administrative agencies of the government.
Criminal law deals with the violations of government laws. Criminal laws are filed by government agencies against an individual or an organization. The punishment under criminal laws includes imprisonment as well as financial penalties.
Civil law deals with the lawsuits filed by private parties, such as corporations or individuals. Punishments under this law are financial or punitive damages or both.
Statutory law, legislative statute, or statute law is a legal system that is set down by the legislature or executive branch of the government. Statutory law under certain instances is also termed as codified law.
Religious are legal systems based on religious principles. Examples include Hindu, Islam, and Christian laws.
Civil Law laws are legal systems based on religious principles. Examples include Hindu, Islam, and Christian laws.
Civil Law is a legal system based on codes and legislative statutes as opposed to common law. France, Germany, and many other countries in the world follow civil law. Hence, there is a civil law category in the common law system and a civil law system itself.
Privacy is protection of Personally Identifiable Information (PII)about individuals or Sensitive Personal Information (SPI) that can be used to identify a person in context with a group. Protection under privacy is from disclosure or selective disclosure based on the individual's preferences.
National Institute of Standards and Technology (NIST) has published a guide to protecting the confidentiality of the personally identifiable information-wide NIST special publication 800-122. As per the guide, PII is defined as any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.
Privacy laws deal with protecting and preserving the rights of an individual's privacy.
A few examples of privacy laws in the United States include the following:
Health Insurance Portability and Accountability Act (HIPAA)
Financial Services Modernization Act (GLB), 15 U.S. Code: 6801-6810
Final Rule on Privacy of Consumer Financial Information, 16 Code of Federal Regulations, Part 313
In the UK, they include the following:
Data Protection Act 1998 (United Kingdom)
Data Protection Directive (European Union)
Intellectual Property (IP) refers to creative works using intellect, that is, mind, music, literary works, art, inventions, symbols, designs, and so on fall under intellectual property. The creator of such intellectual work has certain exclusive rights over the property. These exclusive rights are called Intellectual Property Rights (IPR).
Intellectual property law is a legal domain that deals with Intellectual Property Rights (IPR).
Following are some of the IPR-related terminologies:
Copyright: This is an intellectual property that grants exclusive rights to the creator of the original work, such as deriving financial benefits out of such work, ownership credits, and so on. Others do not have 'right to copy' such work. Copyright is country-specific.
Patent: This is a set of exclusive rights granted to the inventor of new, useful, inventive, and industry applicable inventions. This right excludes others from making, using, selling, or importing the invention. Patents are granted for a specific period of time. A patent is a public document.
Trademark: This is a unique symbol or mark that is used by individuals or organizations to uniquely represent a product or a service. Trademark is also used to distinguish from products and services of other entities.
Trade secret: This is a formula, design, process, practice, or pattern that is not revealed to others. This is to protect the information being copied and gain competitive advantage.