This preview shows page 1. Sign up to view the full content.
Unformatted text preview: fects all industries, including government. Regulation by industry is vertical enactment. It defines requirements for specific verticals, such as the financial sector and health care. In both
cases, the overall objective is twofold. First, the initiatives seek to protect citizens’ personally identifiable information (PII). Second, the initiatives seek to balance the needs of
government and businesses to collect and use PII with consideration of security issues.
In response, countries have enacted privacy laws. For example, although the United
States already had the Federal Privacy Act of 1974, it has enacted new laws, such as the
Gramm-Leach-Bliley Act of 1999 and the Health Insurance Portability and Accountability Act (HIPAA), in response to an increased need to protect personal privacy information. These are examples of a vertical approach to addressing privacy, whereas
Canada’s Personal Information Protection and Electronic Documents Act and New
Zealand’s Privacy Act of 1993 are horizontal approaches. ch10.indd 865 12/4/2009 11:39:08 AM All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8 CISSP All-in-One Exam Guide 866
The Federal Privacy Act was put into place to protect U.S. citizens’ sensitive information that is collected by government agencies. It states that any data collected must be
done in a fair and lawful manner. The data are to be used only for the purposes for
which they were collected and held only for a reasonable amount of time. If an agency
collects data on a person, that person has the right to receive a report outlining data
collected about him if it is requested. Similar laws exist in many countries around the
Technology is continually advancing in the amount of data that can be kept in data
warehouses, data mining and analysis techniques, and distribution of this mined data.
Companies that are data aggregators compile in-depth profiles of personal information
on millions of people, even though many individuals have never heard of these specific comp...
View Full Document
This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.
- Fall '12