is3350 security issues in legal context unit 5 security and privacy involving

© ITT Educational Services, Inc. All rights reserved. IS3350 Security Issues in Legal Context Unit 5 Security and Privacy Involving Corporations and Educational Institutions

Upload: osric

Post on 06-Jan-2016

DESCRIPTION

IS3350 Security Issues in Legal Context Unit 5 Security and Privacy Involving Corporations and Educational Institutions. Learning Objective: Identify the basic components of the American legal system. Describe legal compliance laws addressing public and private institutions. Key Concepts.

TRANSCRIPT

IS3350 Security Issues in Legal Context

Unit 5

Security and Privacy Involving Corporations and Educational Institutions

Learning Objective

Identify the basic components of the American legal system

Describe legal compliance laws addressing public and private institutions

Key Concepts

Protecting children on the Internet

Family Education Rights and Privacy Act (FERPA)

Regulation of privacy and security in corporations

Sarbanes-Oxley (SOX)

Compliance and security controls

EXPLORE: CONCEPTS

Critical Aspects of FERPA

Right to inspect and review student education records

Right to request that a school correct inaccurate or misleading records

Schools required to secure written permission from parent or eligible student to release information from student education record

School Disclosure Exceptions in FERPA

• School officials with legitimate educational interest
• Other schools to which a student is transferring
• Specified officials for audit or evaluation purposes
• Appropriate parties in connection with financial aid to a student

School Disclosure Exceptions in FERPA (cont.)

• Organizations conducting certain studies for or on behalf of the school
• Accrediting organizations
• Response to judicial order or lawfully issued subpoena
• Appropriate officials in cases of health and safety emergencies
• State and local authorities within a juvenile justice system, pursuant to specific State law

School Disclosure Exceptions in FERPA (cont.)

• Directory information
• Student and parents must be informed and raise no objections
• Name, address, and telephone number
• Date and place of birth
• Honors and awards
• Dates of attendance

Critical Aspects of Sarbanes-Oxley (SOX)

Protect investors by requiring accuracy and reliability in corporate disclosures

Created new standards for corporate accountability

Created new penalties for acts of wrongdoing, both civil and criminal

Changes how corporate boards and executives must exchange information and work with corporate auditors

Critical Aspects of Sarbanes-Oxley (SOX) continued

Specifies new financial reporting requirements

Requires all financial reports to include an internal control report

Auditing firms are also required to attest to the accuracy of the assessment

Critical Sections of Sarbanes-Oxley Act

• Services outside scope of auditor practice

• Corporate responsibility for financial reports

• Sec. 404: Assessment of internal controls

• Real time issuer disclosures

• Criminal penalties for altering documents

• Protection of employees exposing fraud

• Criminal penalties for defrauding shareholders

Privacy – Principle Concepts

• Privacy of employee data
• Privacy of customer data
• Privacy of corporate data

Privacy in Workplace

Law generally allows organizations to monitor employee conduct

Protection of proprietary information

Maintain privacy of customer information

COPPA and CIPA

Children are Internet-ready and receptive

Lack the judgment and knowledge of dangers

Lack knowledge to evaluate the merits of information

U.S. Congress Protective Actions

• Children's Online Privacy Protection Act (COPPA) of 1998
• Children's Internet Protection Act (CIPA) of 2000

EXPLORE: PROCESS

Children's Online Privacy Protection Act (COPPA)

Notice of information practices on home page

Notice at each area where personal information from children is collected

Notice must be clearly written and understandable

Notice may not include any unrelated or confusing materials

Notification of parent is required

Verifiable parental consent is required

EXPLORE: CONTEXT

Where do COPPA and CIPA Apply?

Commercial Web sites

Online services

Educational institutions

Libraries

CIPA Requirements

Schools and libraries must

• Use technology protection measures
• Protect against access to harmful visual depictions
• Adopt and enforce a policy to monitor the online activities of minors

Minors are those 17 years of age or less

Summary

Protecting children on the Internet

Family Education Rights and Privacy Act (FERPA)

Regulation of privacy and security in corporations

Sarbanes-Oxley (SOX)

Compliance and security controls