Electronic Communications Privacy Act

These two federal statutes, while not mandating information security procedures, create serious criminal penalties for any persons who gain unauthorized access to electronic records. Unlike laws such as HIPAA and GLBA, these two statues broadly apply, regardless of the type of electronic records that are involved.The Electronic Communications Privacy Act (ECPA) makes it a federal felony to use or intercept the contents of electronic communications without authorization. In addition, the Computer Fraud and Abuse Act of 1984 (CFAA) makes it a felony to gain unauthorized access to a very wide range of computer systems (including financial institutions, the federal government, and any protected computer system used in interstate commerce).

Electronic Communications Privacy Act regulates the monitoring of online information unless specific legal directives make exceptions.

Computer Fraud and Abuse Act of 1986, 18 U.S.C. 1001, established felony penalties for breaking into federal interest computer systems and penalties for illegally obtained computer password trafficking. Essentially this law clarified that unauthorized computer entry was considered illegal. In the early 1980s, entry into U.S. federal computer systems was not considered illegal.

Healthcare Insurance Portability and Accountability Act (HIPAA) provides guidance on how confidential patient information can be treated and accessed.