Cybersecurity Law
eBook - ePub

Cybersecurity Law

Protect Yourself and Your Customers

  1. 106 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
About this book

This book gives insight into the legal aspects of data ownership in the 21st century.

With the amount of information being produced and collected growing at an ever accelerating rate, governments are implementing laws to regulate the use of this information by corporations. Companies are more likely than ever to face heavy lawsuits and sanctions for any misuse of information, which includes data breaches caused by cybercriminals.

This book serves as a guide to all companies that collect customer information, by giving instructions on how to avoid making these costly mistakes and to ensure they are not liable in the event of stolen information.

Frequently asked questions

Yes, you can access Cybersecurity Law by Shimon Brathwaite in PDF and/or ePUB format, as well as other popular books in Business & Business Law. We have over one million books available in our catalogue for you to explore.

CHAPTER 1
Introduction to Information Security Law
This Will Explain the Current Laws Around Information Security that Businesses Need to Be Aware of
One of the most important responsibilities of a business is to protect the sensitive information of its customers. While conducting business you will gather all sorts of personal information, such as credit card numbers, home addresses, phone numbers, bank account information and much more. Not only do you have a moral obligation to properly protect this information, but as a business you also have several legal obligations to your customers, and if these obligations are not met you can face severe financial repercussions. In this book I will break down the current legal risks that management needs to be aware of to avoid being found legally liable if any data breaches do occur.
Firstly, I’ll give some context on why you need to be concerned about data breaches. In 2015, the total amount of digital assets stolen via cybercrime was estimated to be about $3 trillion USD and is expected to grow to $6 trillion USD, which is more than the sale of all major illegal drugs combined. Most people tend to think that most of this money is made by e-transferring money to foreign bank accounts or something of that nature. While a fair amount of that does happen, a much larger amount of that $6 trillion is made using information that is stolen (Morgan, January 23, 2018, “Top five cybersecurity facts, figures and statistics for 2018”). When cyber criminals break into a company’s network they are looking for any information that can be leveraged: things like credit card numbers, phone numbers, usernames and passwords, first and last names, and so on. From there the hackers can use this information in a couple of ways to make a profit:
  1. Offload cards: any financial information like credit card numbers or usernames and passwords to bank accounts can be used to directly commit financial fraud and rob your customers of their money.
  2. Sell customer information: They can sell this personal information to other people who will use it to commit financial fraud, or use the contact information to try to scam the individual by impersonating an entity they trust, such as a bank. A full set of someone’s personal information can sell for anywhere between $1 and $450, with the median price being $21.35 (Collins, September 15, 2015, “Here’s what your stolen identity goes for on the Internet’s black market”).
  3. Hijack accounts: They can hijack that person’s account using the username and password they found, and usually, because people tend to use similar passwords across accounts, they can then go and compromise other accounts that individual has on different platforms. In 2012 Dropbox was breached by someone that used login information they obtained from a LinkedIn data breach that occurred earlier that year.
These are just a few of the potential ways that information can be used once it has been stolen from your company. This is where the legal aspect comes in. If your company is found to be negligent in its handling of your customers’ personal information and that data is stolen and used in a way that causes harm to the customer, you could be found liable and incur even more costs in settling lawsuits. Due to the increase in cybercrime activity in the last decade, governments have begun to implement more cybersecurity legislation demanding that businesses implement specific types of security practices. In the United States in 2017 alone, 42 states combined to pass more than 240 bills related to cybersecurity (“Cybersecurity Legislation 2017 - Legislative News, Studies ...,” December/January, 2017). I’ll use two of these as examples of what a company needs to be cautious of:
H.B. 180 enacted in Delaware: Amends Chapter 12B of Title 6 to update Delaware’s law regarding computer security breaches by doing the following: creates a requirement that any person who conducts business in Delaware and maintains personal information must safeguard that information; updates the definition of breach of security by including the unauthorized access, use, modification, or disclosure of personal information and the information that is included in the definition of personal information.
H.B. 2371 enacted in Illinois: Amends the Data Security on State Computers Act; requires certain state employees to annually undergo training by the Department of Innovation and Technology concerning cybersecurity; allows the department to make the training an online course; requires the training to include detecting phishing scams, preventing spyware infections and identity theft, and preventing and responding to data breaches; allows the department to adopt rules to implement the program.
I chose these two examples because they illustrate two of the key things that a company needs to be aware of when it comes to avoiding cybersecurity-related lawsuits, which I will go into in more depth later on. The first is that it is your responsibility to safeguard any information that your company collects. This includes things like making sure your data has some form of encryption, ensuring only the necessary employees have access to certain information, not collecting non-essential information from customers, not collecting information without making it explicitly clear to your clients, and so on.
The second has to do with your employees. About 50 percent of all cybersecurity breaches occur as a result of human error. The human element of your business is just as likely, if not more likely, to cause you security issues than any of your computer systems themselves. Therefore, it is very important that you provide your employees with the proper training when it comes to dealing with sensitive information. Some examples would include how to properly dispose of paperwork, how to recognize fake e-mails (phishing campaigns), how to securely use remote access and much more. If a data breach occurs as a result of employee negligence and the employee was not properly trained, the liability for any damages the customer incurs usually falls on the shoulders of the company, and that’s not a situation you want to be in.
References
Collins, K. September 15, 2015. “Here’s What Your Stolen Identity Goes for on the Internet’s Black Market.” Retrieved from https://qz.com/460482/heres-what-your-stolen-identity-goes-for-on-the-internets-black-market/
Cybersecurity Legislation. 2017. “Legislative News, Studies. (December/January, 2017).” Retrieved from http://ncsl.org/research/telecommunications-and-information-technology/cybersecurity-legislation-2017.aspx
Morgan, S. January 23, 2018. “Top 5 Cybersecurity Facts, Figures and Statistics for 2018.” Retrieved from https://csoonline.com/article/3153707/security/top-5-cybersecurity-facts-figures-and-statistics.html
Rouse, M. n.d. “What is Personally Identifiable Information (PII)?” Definition from WhatIs.com. Retrieved from https://searchfinancialsecurity.techtarget.com/definition/personally-identifiable-information
“What is Information Security (Infosec)?” n.d. Definition from WhatIs.com. Retrieved from https://searchsecurity.techtarget.com/definition/information-security-infosec
CHAPTER 2
Cyber Law and Intellectual Property
This Chapter Will Address an Important Aspect of Cyber Law Related to Protecting a Company’s IP
Intellectual property refers to a work or invention that is the result of creativity and to which a person has rights; you may apply for a patent, copyright, trademark, and so on in order to make that product of creativity your own property (“What is Intellectual Property?” n.d., retrieved from http://wipo.int/about-ip/en/). Examples are music, literature, and software apps. There are many items offered over the Internet that are considered intellectual property, and you need to ensure you have properly registered any of your creations or you may have them stolen by somebody else, simply because they knew how the laws worked and you did not.

Copyright: This is the most common and most important intellectual property law, especially when it comes to the Internet. It covers any original work of authorship, such as text for a webpage, a software program, blogs, music, and so on. One of the most commonly overlooked steps on the Internet is getting copyright for your software applications. Remember all software apps are created by some...
