Electronic Communications Privacy Act and Computer Fraud and Abuse Act in Security Project Perspective

These two federal statutes, while not mandating information security procedures, create serious criminal penalties for any persons who gain unauthorized access to electronic records. Unlike laws such as HIPAA and GLBA, these two statutes broadly apply, regardless of the type of electronic records that are involved.

The Electronic Communications Privacy Act (ECPA) makes it a federal felony to use or intercept the contents of electronic communications without authorization. In addition, the Computer Fraud and Abuse Act of 1984 (CFAA) makes it a felony to gain unauthorized access to a very wide range of computer systems (including financial institutions, the federal government, and any protected computer system used in interstate commerce). As a result, IT security professionals, especially outside consultants who may test client security (i.e., try to hack into a system to gain unauthorized access), must take great care, and rely on qualified and experienced legal professionals to ensure they receive authorizations from their clients that are broad and specific enough to mitigate potential criminal liability under the ECPA and the CFAA.
[IT Security Project Management, Susan Snedaker 2006]

