What Are Some of the Laws Regarding Internet and Data Security?
used with permission from Norton by Symantec, by Nadia Kovacs
Numerous laws in the U.S. cover Internet, data security, and privacy in the United States, with the 1974 Privacy Act arguably being the foundation for it all. The Privacy Act passed to establish control over the collection, maintenance, use, and dissemination of personal information by agencies in the executive branch of the U.S. government.
The invention of the Internet changed the definition of privacy, and made it necessary to enact new laws concerning electronic communications and security.
Let’s review some of the laws currently in place to provide a more solid idea of your rights as a consumer or businessperson:
Electronic Communications Privacy Act (ECPA)
The Electronic Communications Privacy Act was passed in 1986, and while technology has changed significantly since then, the act has remained the same. The law allows the U.S. government to access digital communications such as email, social media messages, information on public cloud databases, and more with a subpoena. No warrant is required if the items in question are 180 days old or older. Companies supply the government with information; for example in the latter half of 2012, Google reported that the government made 18,000 requests for information.
The ECPA also dictates when the government is allowed access to GPS tracking via cellphones.
Computer Fraud And Abuse Act (CFAA)
The Computer Fraud And Abuse Act makes it a crime to access and subsequently share protected information. The act was passed in the late 1980s and revised about a decade later. Reformers say the act is far too restrictive.
Cyber Intelligence Sharing And Protection Act (CISPA)
Legislation regarding this act was originally introduced in 2011. It passed in the House of Representatives but not the Senate in 2013, and was reintroduced in 2015. The act is an amendment to the National Security Act of 1947, which does not cover cyber crime.
A basic definition of this act is that it concerns how to share information on potential cyber threats with the federal government. The act has received substantial opposition, with opponents such as the Electronic Frontier Foundation concerned about “inadequate privacy protections” considering broad cyberthreat definitions. It will very likely continue to be a point of debate in Congress for some time.
Children’s Online Privacy Protection Act (COPPA)
The Children’s Online Privacy Protection Act was amended in 2012, with changes officially implemented in 2013. It requires websites that collect information on children under the age of 13 to comply with the Federal Trade Commission (FTC). The act originally passed in 2000 and was the “first U.S. privacy law written for the Internet.” The FTC determines whether a website is geared towards children by reviewing its language, content, advertising, graphics and features, and intended audience.
The law also affects general interest sites looking to collect information from children, whether the site’s operators mean to do so or not. For example, if a site operator invites browsers to submit their names and email addresses and collects other personal information via cookies, the operator might have information on visitors under the age of 13.
These and other data/Internet security laws are frequently hot topics among those who call for “Internet freedom.” There are also laws regarding the sharing of information on an international scale, such as the Trans Pacific-Partnership Agreement (TPP). This agreement involves nine countries along the Pacific Rim, including Peru, Chile, and the U.S. The U.S. Trade Office touts agreement benefits, particularly those relating to trade agreements, however opponents are concerned about its effects on digital copyrights both in the U.S. and abroad.
Familiarization with data security laws is a good idea whether you’re an individual consumer looking to go shopping online, a business collecting personal customer information, or someone who otherwise has anything else to do with the Internet.