INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES
ISSA
Legal and Privacy Issues in Information Security
THIRD EDITION
Joanna Lyn Grama
World Headquarters
Jones & Bartlett Learning
5 Wall Street
Burlington, MA 01803
978-443-5000
www.jblearning.com
Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com.
Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to .
Copyright 2022 by Jones & Bartlett Learning, LLC, an Ascend Learning Company
All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner.
The content, statements, views, and opinions herein are the sole expression of the respective authors and not that of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement or recommendation by Jones & Bartlett Learning, LLC and such reference shall not be used for advertising or product endorsement purposes. All trademarks displayed are the trademarks of the parties noted herein. Legal and Privacy Issues in Information Security, Third Edition is an independent publication and has not been authorized, sponsored, or otherwise approved by the owners of the trademarks or service marks referenced in this product.
There may be images in this book that feature models; these models do not necessarily endorse, represent, or participate in the activities represented in the images. Any screenshots in this product are for educational and instructive purposes only. Any individuals and scenarios featured in the case studies throughout this product may be real or fictitious, but are used for instructional purposes only.
Production Credits
Director of Product Management: Laura Pagluica
Product Manager: Edward Hinman
Content Strategist: Melissa Duffy
Content Coordinator: Paula-Yuan Gregory
Manager, Project Management: Jessica deMartin
Project Specialist: Roberta Sherman
Digital Project Specialist: Rachel DiMaggio
Marketing Manager: Michael Sullivan
Product Fulfillment Manager: Wendy Kilborn
Composition: S4Carlisle Publishing Services
Project Management: S4Carlisle Publishing Services
Cover Design: Kristin E. Parker
Media Development Editor: Faith Brosnan
Rights Specialist: James Fortney
Cover Image: mirjanajovic/DigitalVision Vectors/Getty Images
Printing and Binding: LSC Communications
Library of Congress Cataloging-in-Publication Data
Names: Grama, Joanna Lyn, author.
Title: Legal and privacy issues in information security / Joanna Lyn Grama.
Other titles: Legal issues in information security
Description: Third edition. | Burlington, Massachusetts : Jones & Bartlett Learning, [2022] | Includes bibliographical references and index.
Identifiers: LCCN 2020028528 | ISBN 9781284207811 (paperback)
Subjects: LCSH: Information storage and retrieval systems--Law and legislation--United States. | Data protection--Law and legislation--United States. | Information storage and retrieval systems--Security measures--Law and legislation--United States.
Classification: LCC KF1263.C65 G73 2022 | DDC 342.7308/58--dc23
LC record available at https://lccn.loc.gov/2020028528
Printed in the United States of America
To my son, A.J., and my husband, Ananth
Purpose of This Book
This book is part of the Information Systems Security & Assurance Series from Jones & Bartlett Learning (www.jblearning.com). Designed for courses and curriculums in Information Technology (IT) Security, Cybersecurity, Information Assurance, and Information Systems Security, this series features a comprehensive, consistent treatment of the most current thinking and trends in this critical subject area. These titles deliver fundamental information-security principles packed with real-world applications and examples. Authored by Certified Information Systems Security Professionals (CISSPs), they deliver comprehensive information on all aspects of information security. Reviewed word for word by leading technical experts in the field, these books are not just current, but forward-thinking, putting you in the position to solve the cybersecurity challenges not just of today, but of tomorrow as well.
This book discusses information security, privacy, and the law. Information security is the practice of protecting information to ensure the goals of confidentiality, integrity, and availability. Information security makes sure that accurate information is available to authorized individuals when it is needed. Governments, private organizations, and individuals all use information security to protect information. Sometimes these organizations do a very good job of protecting information. Sometimes they do not.
When governments, private organizations, and individuals do a poor job of protecting the information entrusted to them, legislatures respond with new laws that require a more structured approach to information security. The U.S. federal government has enacted several laws that focus on protecting different types of information. This third edition takes into account the changing legal and regulatory landscape, and growth in privacy concerns, since this book was first published. Finding out which law applies to a particular situation, or type of data, or how best to think about privacy issues related to specific situations or data, is often confusing.
This book tries to help eliminate that confusion. focuses on how to create an information security program that addresses the laws and compliance requirements discussed throughout the book.
Learning Features
The writing style of this book is practical and conversational. Step-by-step examples of information security concepts and procedures are presented throughout the text. Each chapter begins with a statement of learning objectives. Illustrations are used both to clarify the material and to vary the presentation. The text is sprinkled with Notes, Tips, FYIs, Warnings, and Sidebars to alert the reader to additional and helpful information related to the subject under discussion. Chapter Assessments appear at the end of each chapter, with solutions provided in the back of the book.