Final Prep

Section 230 of the CDA

"No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider" (47 U.S.C. 230). This provides immunity to an internet service provider (ISP) that publishes user-generated content, as long as its actions do not rise to the level of a content provider. In general, the closer an ISP is to a pure service provider than to a content provider, the more likely that the Section 230 immunity will apply.6 This portion of the CDA protects social networking companies such as Facebook and Twitter from defamation suits in connection with user postings that appear on their sites.

Title III of the Omnibus Crime Control and Safe Streets Act

(also known as the Wiretap Act) regulates the interception of wire (telephone) and oral communications.

The use of information technology in both government and business requires balancing the needs against the rights and desires of the people. For which purposes do organizations use the data collected about people?

1. To target marketing. 2. To serve customers better 3. To better understand consumers purchasing habits and financial conditions 4. To make better decisions

BYOD

A business policy that permits—and in some cases, encourages—employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the internet.

electronic medical record (EMR)

A collection of health-related information on an individual that is created, managed, and consulted by authorized clinicians and staff within a single healthcare organization.

electronic health record (EHR)

A comprehensive view of the patient's complete medical history designed to be shared with authorized providers and staff from more than one organization.

Data Breaches

A data breach is the unintended release of sensitive data or the access of sensitive data (e.g., credit card numbers, health insurance member IDs, and Social Security numbers) by unauthorized individuals. The increasing number of data breaches is alarming, as is the lack of initiative by some companies in informing the people whose data are stolen. A number of states have passed data breach notification laws that require companies to notify affected customers on a timely basis.

A detailed decision-making process

A detailed decision-making process will allow for the best success rates in solving problems.

computer forensics

A discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.

next-generation firewall (NGFW)

A hardware- or software-based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.

clinical decision support (CDS)

A process and a set of tools designed to enhance healthcare-related decision making through the use of clinical knowledge and patient-specific information to improve healthcare delivery.

Health Information Technology for Economic and Clinical Health Act (HITECH Act)

A program to incentivize physicians and hospitals to implement such systems. Under this act, increased Medicaid and Medicare reimbursements are made to doctors and hospitals that demonstrate "meaningful use" of electronic health record (EHR) technology

Section 230 of the CDA

A section of the Communications Decency Act that provides immunity to an Internet service provider (ISP) that publishes user-generated content, as long as its actions do not rise to the level of a content provider.

Because personal data accuracy laws and regulations are few for U.S. citizens (other than credit reporting companies and financial institutions), organizations concerned about data accuracy, privacy, and protections are recommended to follow implementing the CIA Security Triad best practice. Describe the protective security layers the CIA Security Triad deploys.

A security strategy begins with a risk assessment to identify and prioritize the threats (internal and external) that an organization faces. Authentication methods, encryption, firewall, proxy servers, and VPNs are all recommended security practices to protect and secure information data. An intrusion detection system is recommended to be implemented to alert security personnel whenever unusual activity occurs to assist in the protection and security of information data.

Social Networking

A social networking platform creates an online community of internet users that enables members to break down barriers created by time, distance, and cultural differences. Such a site allows people to interact with others online by sharing opinions, insights, information, interests, and experiences.

social shopping

A social shopping platform brings shoppers and sellers together in a social networking environment in which members share information and make recommendations while shopping online.

Strategic Lawsuit Against Public Participation (SLAPP)

A strategic lawsuit against public participation (SLAPP) is employed by corporations, government officials, and others against citizens and community groups who oppose them on matters of public interest. The lawsuit is typically without merit and is used to intimidate critics out of fear of the cost and efforts associated with a major legal battle. Many question the ethics and legality of using a SLAPP; others claim that all is fair when it comes to politics and political issues.

computerized provider order entry (CPOE) system

A system that enables physicians to place orders (for drugs, laboratory tests, radiology, physical therapy) electronically, with the orders transmitted directly to the recipient.

The implementation deadline for a highly visible IT project that will improve global client services is going to be missed due to a data integrity issue. An IT team member from an international country is confident that he has the solution code, but he does not have the resources to the test code. The project leader is receiving a lot of pressure to complete the project. What should this project leader do?

Accept the code, test it, and implement the project late

Children's Internet Protection Act (CIPA)

An act passed in 2000; it required federally financed schools and libraries to use some form of technological protection (such as an internet filter) to block computer access to obscene material, pornography, and anything else considered harmful to minors.

Child Online Protection Act (COPA)

An act signed into law in 1998 with the aim of prohibiting the making of harmful material available to minors via the internet; the law was ultimately ruled largely unconstitutional.

anonymous expression

An anonymous expression is the expression of opinions by people who do not reveal their identity. The freedom to express an opinion without fear of reprisal is an important right of a democratic society. Anonymity is even more important in countries that do not allow free speech. Maintaining anonymity on the internet is important to some computer users. Such users sometimes use an anonymous remailer service, which strips the originating header or internet protocol (IP) address or both from the message and then forwards the message to its intended recipient.

An IT worker uses a company-owned vehicle to transport illegal drugs. How does the use of auto-tracking devices explain the ethical issue in this scenario?

An employer can use GPS-tracking data as evidence for the investigation.

Anti-SLAPP laws

Anti-SLAPP laws are designed to reduce frivolous SLAPPs. As of 2015, 28 states and the District of Columbia had passed anti-SLAPP legislation to protect people who are the target of a SLAPP.23 Typically, under such legislation, a person hit with what they deem to be a SLAPP can quickly file an anti-SLAPP motion, which puts a hold on the original lawsuit until the court determines whether the defendant was being targeted for exercising free-speech rights, petitioning the government, or speaking in a public forum on "an issue of public interest." In such cases, the SLAPP lawsuit is thrown out unless the plaintiff can show that the claims are legitimate and likely to succeed at trial. To guard against abusive anti-SLAPP motions, the side that loses such a case is required to pay the other side's legal fees.24

Authentication?

Authentication is more complicated but more secure.

Awareness

Awareness of policies and procedures can head off potential problems.

Back ups?

Back up data onto a separate device regularly for disaster recovery.

Corporate scandals

Based on several very publicized corporate scandals, the need for organizational governance and ethics have been brought into the limelight and have spawned legislation imposing steep fines and potential imprisonment for wrongdoers.

Big Data 5 V's

Big data can be viewed through the characteristics of big data—the 5 Vs which include volume, velocity, variety, veracity, and value.

Big Data

Big data is a collection of massive and complex data sets that include the huge quantities of data, data management capabilities, social media analytics, and real-time data.

Big data refers to?

Big data refers to more than just the existence and explosive growth of large digital datasets; it also refers to the new techniques, organizations, and processes that are necessary to transform large datasets into valuable human knowledge.

CIPA

CIPA requires federally financed schools and libraries to use filters to block computer access to any material considered harmful to minors. In United States v. American Library Association, Inc., the American Library Association challenged CIPA. Ultimately, in that case, the Supreme Court made it clear that the constitutionality of government-mandated filtering schemes depends on adult patrons' ability to request and receive unrestricted access to protected speech.

Job seekers

Candidates seeking a job should review their presence on social media and remove photos and postings that portray them in a potentially negative light. Many job seekers delete their social media accounts altogether.

Which organization would offer more comprehensive training programs to support caregivers?

Centers for Medicare & Medicaid Services (CMS)

Data collection policies and guidelines

Clear and understandable data collection, use, and privacy policies, when those policies give users and data subjects actionable information and encourage them to use it, help to promote the values of transparency, autonomy, and trustworthiness. 1. Not all problems have a big data solution, and we may overlook more economical and practical solutions if we believe otherwise. 2. Data mining tools may help predict future trends and behaviors, allowing businesses to make proactive, knowledge-driven decisions.

What privacy dimensions define information privacy

Communications Privacy and Data Privacy

MSSP

Companies may outsource security operations to a managed security service provider (MSSP).

What is the CIA security triad?

Confidentiality Integrity Availability

Who needs to know?

Consider who has a "need to know" when it comes to sensitive information.

Define the critical safeguard, according to the CIA Security Triad, to minimize data mismanagement and data inaccuracies at the application level with respect to information technology.

Creation of roles and user accounts so that employees only have the authority to perform their responsibilities and nothing more

Current Machine Learning

Current machine learning systems can use information that is incomplete or occasionally act on inaccurate data inputs without severe consequence.

Cyberharassment

Cyberharassment is a form of cyberabuse in which the abusive behavior, which involves the use of an electronic communications device, is degrading, humiliating, hurtful, insulting, intimidating, malicious, or otherwise offensive to an individual or group of individuals, causing substantial emotional distress.

Cyberstalking

Cyberstalking is also a form of cyberabuse that consists of a long-term pattern of unwanted persistent pursuit and intrusive behavior (involving the use of an electronic communications device) that is directed by one person against another that causes fear and distress in the victim.

Data Manipulation

Data manipulation is the process of changing data in an effort to make it easier to read or more organized. Data manipulation is a tool to highlight and illustrate to the viewer the information most desired.

Why is Data manipulation used?

Data manipulation is typically used for illustrative purposes, whereas misrepresentation of information is used to deceive viewers. Misrepresentation is not always deliberate; much of it is a function of ignorance or irresponsibility and laziness.

Data practices

Data practices are never isolated from a broader data ecosystem that includes powerful social forces and instabilities not under my control.

How and when of data collection and storage?

Data should be collected only as much of it as needed, when it is needed, stored carefully for only as long as it is needed and purged when no longer needed.

Defined data integrity

Defined data integrity can be defined as either a state or a process. Data integrity as a state defines a data set that is both valid and accurate. Data integrity as a process describes measures used to ensure validity and accuracy of a data set or all of the data in a database or other data construct.

One way to protect sensitive information

Discover how to segment users and groups when sensitive data are concerned.

Doxing

Doxing involves doing research on the internet to obtain someone's private personal information (such as a home address, email address, phone numbers, and place of employment) and even private electronic documents (such as photographs), and then posting that information online without permission. Many businesses monitor the web for the public expression of opinions that might hurt their reputations. They also try to guard against the public sharing of company confidential information.

E-discovery

E-discovery is defined as the collection, preparation, review, and production of electronically stored information for use in criminal and civil actions and proceedings.

Earned media

Earned media refers to media exposure an organization gets through press and social media mentions, positive online ratings and reviews, tweets and retweets, reposts (or "shares"), recommendations, and so on. Earned social media traffic enables an organization to reach more people without any additional cost.

Protection from fake news

Education is key for individuals looking to minimize questionable sources and protect themselves against misguided information.

Education

Education is the best defense against phishing and other scams. If it does not feel right, it is probably not right.

What to do about Cyberloafing

Employers adopt policies to guide employees toward acceptable behaviors.

cyberloafing

Employers realize technology may easily be abused by workers doing personal activities in the workplace. This is called cyberloafing.

Ethical issues of data

Ethical issues are everywhere in the world of data, because the process of data collection, analysis, transmission and use can and often does profoundly impact the ability of individuals and groups to live well.

What to do when a data breach occurs

Ethics dictates that significant data breaches of personal information should be found and quickly dealt with. The victims whose data were taken should be notified, though private companies do not have a federal mandate to do this. It is up to each state to enforce laws pertaining to data breaches unless the company is publicly traded.

Tracking

Face- and voice-recognition algorithms can now be used to track and create a lasting digital record of your movements and actions in public, even in places where you would previously have felt anonymous. There is no consistent legal framework governing this kind of data collection.

facial recognition

Facial recognition is the next level of technology that will be not only invading people's privacy but also requiring expert training and algorithms in order to generate accurate images matches.

What are some important parts of securing the network

Firewalls and routers are important pieces in securing the network.

IT professionals

IT professionals are stewards to protect data integrity.

Important factors to think about when communicating with data specialists

Important factors to think about when communicating with data specialists, particularly when beginning a data search are the following: What question should we ask? What data do we need? What are the ethical implications of using the data and generating new information?

Who decides if a technology is safe?

In some cases, technology standards organizations are working on ethics and design.

Annoying Speech

In the United States, speech that is merely annoying, critical, demeaning, or offensive enjoys protection under the First Amendment to the U.S. Constitution. Legal recourse is possible only when hate speech turns into clear threats and intimidation against specific citizens.

Revenge Porn

Inappropriate material posted online includes nonconsensual posts that include intimate photos or videos of people without their permission; such posts are often referred to as "revenge porn." This type of content is often uploaded by ex-partners with an intention to shame, embarrass, or harass (or all of these) their former partner.

Why are there more and bigger data breaches?

Increasing computing complexity, expanding and changing systems, increasing in the prevalence of BYOD policies, a growing reliance on software with known vulnerabilities, and the increasing sophistication of those who would do harm have caused a dramatic increase in the number, variety, and severity of security incidents.

Independent auditing

Independent auditing, whether internal or external, should be performed to validate financial reporting. Processes should be in place to protect employee whistle-blowers from retaliation.

Information and content

Information and content are being generated at record levels never seen in history. It is critical to maintain the ability to manage that data through big data analytics.

Information collection

Information collected about individuals from their facial characteristics, geocoded data, and even how people walk suggests a reminder to carefully consider the potential privacy concerns from mass information tracking systems.

Anti-Virus and Anti-Malware

Install antivirus and malware software on every computer. Frequently update the definition files and scan each computer regularly.

The internets role in data collection

Internet's role with big data is such that data are being collected round the clock by a multitude of sources including applications, phones, messaging, bots, and the Internet of Things.

Viral marketing

Is an approach to social media marketing that encourages individuals to pass along a marketing message to others, thus creating the potential for exponential growth in the message's exposure and influence.

Many IT professionals feel their privacy is violated when employers use GPS-tracking devices. What describes the employer's point of view?

Legal and Ethical

Family Educational Rights and Privacy Act (1974)

Limits access to computer-stored records of education-related evaluations and grades in private and public colleges and universities.

Machine Learning

Machine learning is a type of AI that involves computer programs that can learn a task to improve performance with experience. Machine learning systems produce a prediction that is compared against reality, and then the parameters are modified accordingly. This learning process is repeated until the learning system is able to make predictions that are sufficiently accurate.

Pornography

Many adults, including some free-speech advocates, believe there is nothing illegal or wrong about purchasing adult pornographic material made by and for consenting adults. However, organizations must be very careful when dealing with pornography in the workplace. As long as companies can show that they were taking reasonable steps to prevent pornography, they have a valid defense if they are subject to a sexual harassment lawsuit.

Misrepresentation of data

Misrepresentation of data to deliberately influence an audience toward an outcome can come in the form of misleading graphs or charts, false data, and even outright fraud.

EDR

Most cars now come equipped with a vehicle event data recorder (EDR), and the data from this device may be used as evidence in a court of law.

true

Multiple levels of security must be put into place to deter attackers.

online harassment or abuse

Nearly three-quarters of U.S. internet users have witnessed online harassment or abuse, and almost half have personally experienced it.

bots and big data

New technological advances with the use of bots and big data make our lives simpler with the ability to expedite content that we are seeking, however, this could actually be used against us as biased sources may be programmed into the bots.

Data collection considerations

Once the right question has been established around what data to collect, the next step is to think about where to obtain the needed data. Next consider id the data is sufficient or unbiased. Finally consider the cost of the data collection.

John Doe lawsuit

Organizations may file a John Doe lawsuit to enable them to gain subpoena power in an effort to learn the identity of anonymous internet users who they believe have caused some form of harm to the organization through their postings.

Passwords?

Passwords should be difficult to guess and changed on a regular basis. Multifactor authentication models should also be implemented.

Personal data collection

Personal data are being collected electronically in many ways that are not apparent to the consumer. Simply visiting a website or using an app may trigger an automatic permission to collect data about you.

Postmortem

Postmortem meetings are important for examining what went right and what needs correction before the next incident.

Predictive coding

Predictive coding is a process that couples human intelligence with computer-driven concept searching in order to "train" document review software to recognize relevant documents within a document universe. Artificial intelligence (AI) techniques allow the software to continually learn.

Fair Credit Reporting Act (1970)

Protects the privacy and accuracy of information in a credit check

Children's Online Privacy Protection Act (1998)

Protects the privacy of children under 13 years in online activities Disclose all information collection and tracking practices and all information uses Employ age screening mechanisms Obtain verifiable parental consent for collection, use, or disclosure of children's personal information Collect no more information than reasonably necessary for online activity Provide opportunities to correct or remove information and discontinue contact

What are some kinds of computer exploits

Ransomware, viruses, worms, Trojan horses, logic bombs, blended threats, spam, DDoS attacks, rootkits, advanced persistent threats, phishing, spear-phishing, smishing, vishing, cyberespionage, and cyberterrorism are among the most common computer exploits.

Which best practice standard should be enforced to ensure IT personnel are properly trained?

Reasonable professional standard

Porn and computer use policy

Reasonable steps include establishing a computer usage policy that prohibits access to pornography sites, identifies those who violate the policy, and takes action against those users—regardless of how embarrassing it is for the users or how harmful it might be for the company.

Right to Financial Privacy Act (1978)

Requires government authorities have a subpoena, summons or search warrant to access an individual's financial records When records are released, the financial institution must notify the individual of who has had access to them.

Is security at the network level enough?

Security is not sufficient at just the network level; every user must be diligent when it comes to securing data.

What does security start with?

Security starts with each individual in the organization, and even the organization itself is responsible for protecting data, especially personal data.

Sexting

Sexting—sending sexual messages, nude or seminude photos, or sexually explicit videos over a cell phone—is a fast-growing trend that can lead to many problems for both senders and receivers.

Digital Millennium Copyright Act (DMCA)

Signed into law in 1998, the act addresses a number of copyright-related issues, with Title II of the act providing limitations on the liability of an Internet service provider for copyright infringement.

What is social media

Social media are web-based communication channels and tools that enable people to interact with each other by creating online communities in which they can share information, ideas, messages, and other content, including images, audio, and video.

inaccurate healthcare data

Some inaccurate healthcare data scenarios are created by human error, poor IT systems issues, or poorly designed computer software systems.

Hate Speech

Some internet service providers (ISPs) and social networking sites have voluntarily agreed to prohibit their subscribers and members from sending hate messages using their services. Because such prohibitions can be included in the service contracts between a private ISP and its subscribers or a social networking site and its members—and do not involve the federal government—they do not violate subscribers' First Amendment rights.

When to notify?

Sometimes outside agencies need to be contacted, and there are times that outside notification can be more damaging.

Spyware

Spy software has been used for years by parents monitoring their children, but stalkers use it too.

Testing

Testing systems must be thorough without prejudice to uncover defects before someone else does.

The American Recovery and Reinvestment Act (2009)

The American Recovery and Reinvestment Act (Public Law 111-5) is a wide-ranging act passed in 2009 that authorized $787 billion in spending and tax cuts over a 10-year period. Title XIII, Subtitle D, of this act (known as the Health Information Technology for Economic and Clinical Health Act, or HITECH) included strong privacy provisions for electronic health records (EHRs), including banning the sale of health information, promoting the use of audit trails and encryption, and providing rights of access for patients. It also mandated that each individual whose health information has been exposed be notified within 60 days after the discovery of a data breach.

The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act

The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act specifies requirements that commercial emailers must follow when sending out messages that advertise a commercial product or service. The CAN-SPAM Act is also sometimes used in the fight against the dissemination of pornography.

DHS

The DHS is responsible for providing a "safer, more secure America, which is resilient against terrorism and other potential threats." The agency's Office of Cybersecurity and Communications is responsible for enhancing the security, resilience, and reliability of U.S. cyber and communications infrastructure.

European Union Data Protection Directive

The European Union (EU) Data Protection Directive requires member countries to ensure that data transferred to non-EU countries are protected. Furthermore, the EU directive provides an individual the right to know how data will be used with a capability to restrict their use and the right to challenge the accuracy of data and to provide corrected data.

Data accuracy safeguard laws and regulations for U.S. citizens are practically nonexistent in the United States. Describe one U.S. law that is intended as a data accuracy safeguard.

The Fair Credit Reporting Act

Health Insurance Portability and Accountability Act (1996)

The Health Insurance Portability and Accountability Act (HIPAA) (Public Law 104-191) was designed to improve the portability and continuity of health insurance coverage; to reduce fraud, waste, and abuse in health insurance and healthcare delivery; and to simplify the administration of health insurance.

Sarbanes-Oxley (SOX)

The Sarbanes-Oxley (SOX) act was created to protect shareholders and the general public from misrepresentation of financial details about a company.

The First Amendment

The Supreme Court has also ruled that the First Amendment protects the right to speak anonymously as part of the guarantee of free speech.

Communications Decency Act

The Telecommunications Act (Public Law 104-104) became law in 1996. Its primary purpose was to allow free competition among phone, cable, and TV companies. The act was broken into seven major sections or titles. Title V of the Telecommunications Act was the Communications Decency Act (CDA), aimed at protecting children from pornography. The CDA imposed $250,000 fines and prison terms of up to two years for the transmission of "indecent" material over the internet.

US-CERT

The US-CERT is a partnership between DHS and the public and private sectors that was established to protect the nation's internet infrastructure against cyberattacks by serving as a clearinghouse for information on new viruses, worms, and other computer security topics.

Consumer Privacy Bill of Rights

The United States Department of Commerce NTIA put forth a privacy multistakeholder process to develop a voluntary, enforceable code of conduct that specifies how the Consumer Privacy Bill of Rights applies to facial recognition technology in the commercial context.

Data accuracy

The definition of data accuracy and its main components: legitimacy, precision, and authenticity

misinformation and fake news

The impact of misinformation and fake news can have a far-reaching impact through carefully devious wording and repetition of misinformation on those who are not aware or too busy to check facts.

human error

The most common source of a data inaccuracy is human error.

Why is social networking used?

The number of internet users worldwide is approaching four billion or roughly half the population. Many organizations employ social networking platforms to advertise, identify, and access job candidates; improve customer service; and sell products and services.

What is the precautionary principle?

The precautionary principle is a legal and ethical guideline that states that products, technologies, and materials that may harm the public should not be released on the market until they can be shown to be safe. It essentially states that the burden of proof is on the side of safety, not harm.

predictive coding process

The predictive coding process is related to data accuracy in that predictive coding is a computer-driven process coupled with human guidance.

Primary danger of facial recognition technology

The primary danger that facial recognition technology introduces is the loss of a person's anonymity in which an individual can be recognized and precisely tracked anywhere and at any time.

health information exchange (HIE)

The process of sharing patient-level electronic health information between different organizations.

Fake News

The proliferation of online sources of information and opinion means that the internet is full of "news" accounts that are, in fact, highly opinionated, fictionalized, or satirical accounts of current events presented in a journalistic style.

Defamation

The right to freedom of expression is restricted when the expressions, whether spoken or written, are untrue and cause harm to another person.

Security Dashboard

The use of tools helps consolidate security systems into a security dashboard, allowing the organization to monitor, identify, and respond to threats.

Encryption?

There are many encryption methods to protect your network.vvvvvv

What must technology organizations know?

There are several laws that the information technology organization needs to understand that cover information protection under penalty of law.

Communications Decency Act (CDA)

Title V of the Telecommunications Act, it aimed at protecting children from pornography, including imposing $250,000 fines and prison terms of up to two years for the transmission of "indecent" material over the internet.

A real risk that exists for society today is a data breach in which personally identifying information is stolen. This can cause financial loss and identity theft.

True

Companies use many different methods to collect personal data about visitors to their websites, including depositing cookies on visitors' hard drives.`

True

Consumer data privacy has become a major marketing issue; companies that cannot protect or do not respect customer information have lost business and have become defendants in class actions stemming from privacy violations.

True

While identifying personal information that is protected, anonymous data about you may be sold to or shared with third parties without explicit consent.

True

social media marketing

Two significant advantages of social media marketing over traditional marketing are that marketers can create a conversation with viewers of their ads and that ads can be targeted to reach people with the desired demographic characteristics.

What is a challenge of secruity?

What needs encryption, and what does not?

Keep calm and carry on

When a security incident occurs, it will be best to be calm and regain control of the situation so recovery can happen.

Handling sensitive data

When collecting or handling personal or otherwise sensitive data, it is essential to keep in mind how the expectations of data subjects or other stakeholders may vary from reality.

Facebook and Google

While society still looks to governments and countries to provide structure and governance, technology giants like Google and Facebook are now gaining the same political clout, reach, and ability to sway opinion as some countries.

Gramm-Leach-Bliley Act (1999)

allows business combinations (e.g. mergers) between commercial banks, investment banks, and insurance companies, and thus permits these institutions to compete in markets that prior regulations prohibited them from entering.

FISA of 2004

authorized intelligence gathering on individuals not affiliated with any known terrorist organization (so-called "lone wolves").

Fair and Accurate Credit Transactions Act (2003)

consumers are allowed to alert the credit-rating agencies when they believe they have become the victim of identity theft

The Organisation for Economic Co-operation and Development (OECD) for the Protection of Privacy and Transborder Data Flows of Personal Data

created a set of fair information practices that are often held up as the model for organizations to adopt for the ethical treatment of consumer data.

The ECPA

deals with the protection of communications while in transit from sender to receiver; the protection of communications held in electronic storage; and the prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant.

FISA

describes procedures for the electronic surveillance and collection of foreign intelligence information between foreign powers and agents of foreign powers.

The PATRIOT Sunsets Extension Act

granted a four-year extension of provisions of the USA PATRIOT Act that allowed roving wiretaps and searches of business records. It also extended authorization for intelligence gathering on "lone wolves."

The FISA Amendments Act of 2008

granted the NSA expanded authority to collect, without court-approved warrants, international communications as they flow through the U.S. telecommunications equipment and faciliti

FOIA

grants citizens the right to access certain information and records of the federal government upon request.

Executive Order 12333

identifies various government intelligence-gathering agencies and defines what information can be collected, retained, and disseminated by the agencies. It allows for the tangential collection of U.S. citizen data—even when those citizens are not specifically targeted.

The EU-U.S. Privacy Shield Data Transfer Program Guidelines

is a stop-gap measure that allows businesses to transfer personal data about European citizens to the United States. The guidelines were established after the European Court of Justice declared the Safe Harbor agreement invalid between the EU and the United States.

"Fair information practices"

is a term for a set of guidelines that govern the collection and use of personal data. Various organizations and countries have developed their own set of such guidelines and call them by different names.

The USA PATRIOT ACT

modified 15 existing statutes and gave sweeping new powers both to domestic law enforcement and to international intelligence agencies, including increasing the ability of law enforcement agencies to eavesdrop on telephone communication; intercept email messages; and search medical, financial, and other records. The act also eased restrictions on foreign intelligence gathering in the United States.

The Privacy Act

prohibits U.S. government agencies from concealing the existence of any personal data record-keeping system.

The Sex Offender Registration and Notification Act (SORNA)

provisions of the Adam Walsh Child Protection and Safety Act of 2006 set national standards that govern which sex offenders must register and what data must be captured.

The European Union (EU) Data Protection Directive

requires member countries to protect data transferred to non-EU countries. It also bars the export of data to countries that do not have data privacy protection standards comparable to those of the EU. After the passage of this directive, the EU and the United States worked out an agreement that allowed U.S. companies that were certified as meeting certain "safe harbor" principles to process and store data of European consumers and companies.

The Communications Assistance for Law Enforcement Act (CALEA)

requires the telecommunications industry to build tools into its products that federal investigators can use—after gaining a court order—to eavesdrop on conversations and intercept electronic communications.

The 1994 Jacob Wetterling Crimes Against Children and Sexually Violent Offender Registration Act

set requirements for sex offender registration and notification in the United States. It also requires states to create websites that provide information on sex offenders within the state.

The General Data Protection Regulation (GDPR)

takes effect in May 2018 and addresses the export of personal data outside the EU, enabling citizens to see and correct their personal data, standardizing data privacy regulations within the EU, and establishing substantial penalties for the violation of its guidelines.

The USA Freedom Act

terminated the bulk collection of telephone metadata by the NSA, instead requiring telecommunications carriers to hold the data and respond to NSA queries for data. The act also restored authorization for roving wiretaps and the tracking of lone wolf terrorists.

An exploit is an attack on an information system that takes advantage of a particular system vulnerability. Often this attack is due to poor system design or implementation.

true

An increasing number of business-oriented social networking platforms are designed to encourage and support relationships with consumers, clients, potential employees, suppliers, and business partners around the world.

true

CCTV cameras and satellite-based surveillance systems are advances in information technology that can pinpoint a person's physical location and provide many data-gathering capabilities.

true

Employers can legally reject a job applicant based on the contents of the individual's social networking profile as long as the company is not violating federal or state discrimination laws.

true

Employers have taken to monitoring their employees to stop abuses and inappropriate behaviors. Workers have few privacy rights.

true

Increasingly, consumers are using social networks to share their experiences, both good and bad, with others. Because of this, many organizations actively monitor social media networks as a means of improving customer service, retaining customers, and increasing sales.

true

Most social networking platforms have "terms of use" agreements, a privacy policy, or a content code of conduct that summarize key legal aspects regarding the use of the platform. Typically, the terms state that the platform has the right to delete material and terminate user accounts that violate its policies. These policies can be difficult to enforce.

true

Organic media marketing employs tools provided by or tailored for a particular social media platform to build a social community and interact with it by sharing posts and responding to customer comments on the organization's blog and social media accounts.

true

Organizations should put in place a social media policy to avoid legal issues and set clear guidelines and expectations for employees.

true

Over the years, several laws have been enacted to prosecute those responsible for a computer-related crime, including the Computer Fraud and Abuse Act, the Fraud and Related Activity in Connection with Access Devices Statute, the Stored Wire and Electronic Communications and Transactional Records Access Statutes, and the USA PATRIOT Act.

true

Paid media marketing involves paying a third party to broadcast an organization's display ads or sponsored messages to social network users. Two common methods of charging for paid media are cost per thousand impressions (CPM) and cost per click (CPC).

true

Social media marketing involves the use of social networks to communicate and promote the benefits of products and services.

true

Social media marketing involves the use of social networks to communicate and promote the benefits of products and services. The two primary objectives of social media marketers are raising brand awareness and driving traffic to a website to increase product sales.

true

Some 60% of employers used social media to research job candidates. Half those those found information that gave a negative impression of the candidate.

true

The First Amendment to the U.S. Constitution protects the right of freedom of expression from government interference; however, it does not prohibit free speech interference by private employers.

true

The National Center for Victims of Crime offers tips on how to combat cyberstalking.

true

The increased risk of accidents associated with social media interaction while driving, the tendency of many social media users to become narcissistic in their postings, and the ability to perform self-image manipulation are additional social media issues.

true