|← Organized Crime and Interpersonal Communication for Law Enforcement||Attempted Crimes and Punishment →|
Health Insurance Profitability and Accountability Act (HIPAA)
The main purpose of the Health Insurance Profitability and Accountability Act is to ensure workers with the health insurance coverage and establish national standards for electronic transactions of health care plans. The administrative provision also reacts on the privacy and security of the health data. The standards seek to enhance the effectiveness of a healthcare system by enforcing the use of digital data exchange in the American health care system. With regard to the information mentioned above, the criminal enforcement of HIPAA is a recent introduction. In fact, two federal agencies have resorted to different approaches to punish the individuals and entities for the HIPAA’s violation. The emergence of computer crime law allows those agencies to a different view on an analysis of such aspects, as electronic data confidentiality, information protection, and cybersecurity. In response to this problem, there are many statutes that can be employed to HIPAA, such as the computer fraud and abuse statute (CFAA) according to which:
Whoever knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conducts further the intended fraud and obtains anything of value unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $ 5000 in any 1-year period; shall be punished as provided in subsection (c) of this section 18. U. S. C. § 1030 (a) (4).
With regard to the data above, it is possible to understand how computer fraud provision could be employed in addition to the HIPAA statute. It is because the violation of the latter one can often include the unauthorized use of computer systems. For instance, an individual can take responsibility for exceeding access if the initial acceptance to the information system is allowed, though the access to the particular information is restricted. Additionally, the provision establishes minimum harm which can be met by considering forensic and other costs.
Sarbanes-Oxley Act of 2002 (Sarbox)
The essence of the Sarbanes-Oxley Act of 2002 consists of enhancing financial disclosures and corporate responsibility as well as combating accounting and corporate fraud. For these purposes, President Bush has created the Public Company Accounting Oversight Board (PCAOD). Its primary task was to take control of auditing activities (U. S. Securities and Exchange Commission, n. d.). Sarbanes-Oxley Act is closely associated with information security because it has a significant impact on general awareness. Besides, it obtains the monitoring of internal control systems in public corporations. The liability for accurate reporting of financial information has been imposed on senior management, emphasizing the potential of criminal liabilities of chief executives. Due to the fact that modern systems are computer-mediated, accurate reporting is largely dependent on secure and reliable computing environments. In order to understand how SOX influences information security, it is necessary to explore Sections 302 and 404 of the act. They are called “Corporate Responsibility for Financial Reports” and “Management Assessment of Internal Controls”. These sections provide an explanation for the analysis of such issues as security standards, effective communication, and security policies. The existence of appropriate security standards should be presented as necessary for SOX compliance. According to these standards, “A standard is typically collections of system-specific or procedural-specific requirements that must be met by everyone”. In section 302, it has been stated that the Chief Executive Officer and the Chief Financial Officer must certify individually the fact that financial reports are complete and accurate. They must also evaluate the report on the efficiency of internal control systems in terms of financial reporting. The section clearly focuses on the liability for accurate and effective financial reporting on the highest stage of the corporate government. CFOs and CEOs encounter potential and fraud liability. Further, Section 404 discusses the corporation that must evaluate the efficiency of internal controls as well as inform about the annual evaluation of SEC. In this respect, the role of computer technology is reinforced because also the financial information should be stored in the database media platforms. They should be protected from the external invasion.
Children's Online Privacy Protection Act of 1998 (COPPA)
Children’s Online Privacy Protection Act of 1998 imposes obligations on operators of online sites and services designed for kids under 13 years of age. It is related as well to the operators of other sites that focus on the actual knowledge that they gather personal information online. Due to the fact that the act operates online, the protection mechanisms should also be imposed to prevent placing inappropriate information. In fact, COPPA provides parents with control over the websites being browsed by their children. In particular, the act puts additional protections and limits access to online sites for the general audience to gather the data about someone under 13 years. Sometimes, the information about kids and adolescents could be illegal and inappropriately used by hackers and other illegal invaders. It is also a part of computer crime laws. Therefore, it is essential for the legislature to take control of these situations and adhere to cyber protection mechanisms.
The regulation of personal information is essential because it ensures proper storage and classification as well as the filtration of these data. COPPA applies to individually detected information on a child that is gathered online, including a home address, a full name, a telephone number, and an e-mail address. The Act can also cover different information, such as interests and hobbies. In this respect, the operator who is involved in this issue should be more concerned while gathering information and sign a non-disclosure act that limits his liability to reveal the personal information to the third party. Additionally, an operator should also post the link to the notice on the children’s area home page. Before gathering the information, operators must receive a parent’s consent because the information will be uploaded to the digital data. It will be used by other operators for controlling children’s activities in a virtual space.
California Database Security Breach Act of 2003
The main purpose of the California Database Security Breach Act of 2003 is to inform individuals about the fact that the security of the data stored at organizations could be compromised. The act also stipulates that if a security violation of the database that contains the personal data takes place, an organization should notify each individual about the information being maintained.
Due to the fact that CDBNSA is closely associated with information technologies, a threat of illegal penetration to the database is possible. In this respect, numerous cases of hacking and illegal invasion prove that the introduction of computer crime laws is an obligatory condition. Therefore, Skinner has conducted research in which he has found that there were cases of stolen records. They included social security numbers, names, and addresses of students from the University of Texas at Austin in March 2003. In February 2003, a computer was stolen from TriWest Healthcare Association that contained the health records of about 500,000 employees from the U.S. Department of Defense. There are many other links to the crime related to computer security. Therefore, the act under analysis is the best option that reinforces the protection and provides restricted access to the information on the personnel. Additionally, Skinner (2003) believes, “there is not a strong organizational culture of data security throughout many organizations, even though they maintain or have access to the personal data of millions of Americans” (p. 2). Therefore, computer security is often ignored, but in fact, it should be considered as a priority by many organizations. The absence of a strong culture leads to the inability to regulate the information exchange efficiently. In response to this problem, California governmental agencies and physical entities must possess the computerized personal information according to which they are prohibited to disclose any information about clients.
The Computer Security Act
The computer security act has been accepted to enhance the privacy and security of sensitive information that is stored in federal computer systems. The act also aims to establish acceptable security regulations for these systems that require creating some computer protection schemes. It should be done along with relevant training systems where the system house sensitive data are delivered. Therefore, the main task of the act is to deliver a safe computer environment and reduce the number of invasions. In general, the federal government fails to regulate efficiently the security of computer systems. Nonetheless, the federal government requires certain data stored on the non-government system to be secured against illegal access for privacy considerations. As soon as this act has been established, the computer crime rate could be reduced considerably. It is because of the increased control of these approaches to managing these security issues.
A range of regulatory agencies is authorized to enforce and develop standards for storing different kinds of information. For instance, the Secretary of Health and Human Services is entitled to enforce and create standards for protecting and limiting access to medical information. These actions are logically explained because they promote adherence to existing computer crime laws. Despite the fact it currently has a restricted role in protecting the nation’s information infrastructure the federal government encourages the development of a private sector, both local and state. Therefore, it is also aimed at reinforcing specifically in the Homeland Security Presidential Directive. What is more important is that the government is concerned with the development of a national strategy that would protect the federal confidential information from hacking and illegal invasion in a virtual space of federal agencies. Hence, a task of the government is to investigate and prosecute computer crimes, assist local and state law enforcement as well as develop the nation’s expertise.
The Privacy Act of 1974
The Privacy Act of 1974 focuses on the protection of personal privacy by controlling the misuse of information by Federal Agencies. The act also seeks to take control of the collection of the personal information that is used and distributed by agencies in the field of the executive legislature. The act employs in controlling a system of records. As defined in the Privacy Act, the system of record refers to “a group of any record under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual”. The Privacy Act discusses three main rights. First of all, there is the right to consider the personal records of oneself. Second, the individuals have the right to amend inaccurate and irrelevant records. Finally, individuals are entitled to be protected against the illegal invasion of their personal information caused by the inappropriate collection, use, maintenance, and disclosure of personal information. Hence, both U.S. citizens and foreigners could be lawfully accepted for the permanent residence and make a request on the personal information.
The act presented above allows individuals to enter their personal data, but only when they receive legal permission. In such a way, it is possible to prevent computer crimes and deliver new means of transporting information. The computer fraud can also be eliminated because an individual does not have the right to access the data unless the identity is defined. Additionally, the individual cannot access the personal information of another person. Requests received under the Privacy Act are constantly updated and processed to ensure the privacy and security of the incoming information about the personal data.
Uniform Electronic Transactions Act
Developed and released by the National Conference of the Commissioners on Uniform State Laws, the Uniform Electronic Transaction Act seeks to create a legal framework for using electronic signatures in business or governmental transactions. The act processes electronic signatures and records and makes them legalized and signed. It is used only for the transactions in which the parties have agreed to conduct those transactions electronically. They have signed an agreement that should also adhere to the principles of the act and have the responsibility for keeping the private information while not revealing it to the third parties. The principles in UETA are premised on the basis of the electronic information protected by specific codes. Therefore, only the parties involved in the agreement have access to these transactions. A need to focus on the legal requirements is essential because it can contribute to the increased safety of agreements concluded electronically as compared to those that have been signed on paper.
Although an electronic agreement can also undergo risks of the illegal invasion, paper agreements are even more dangerous in terms of their probability of accessing private and confidential information. Therefore, the Act is one of the essential contributions to the reduction of computer crime laws. It contains the provision that prohibits the individuals to reveal the information to the third parties. Thus, electronic commerce has become an efficient means for individuals to conclude an agreement through telephone and computers making the World Wide Web as a powerful market space for carrying out business activities. The main advantage of this type of transactions lies in greater security of information transferred between the parties. Moreover, it is cost-effective in terms of the time spent on organizing meetings and developing new provisions.
Electronic Signatures in Global and National Commerce Act.
The Electronic Signatures in Global and National Commerce Act has been accepted by the U. S. Congress to promote the application of electronic signatures and records. It has been approved for enhancing a legal effect and validity of contracts that developed them electronically. Despite the fact that each state can rely on the personal legislature on electronic signatures, there is still no single law that would provide universal regulations for commerce among states. Therefore, this act contributes greatly to the development of new issues and laws. They would take greater control of legal procedures while signing those agreements. What is more important is that the legal provisions can become a common rule for conducting commercial transactions among states. It can also remove controversies based on the inconsistencies and differences among state laws on managing electronic signatures. Such a holistic approach is a step forward toward greater protection and security of the confidential data delivered by the means of computer space.
The sections of the Act refer to the development of transactions that do not deny the legal influence, enforceability, and validity because an electronic record and signature have been both used for concluding an agreement. What is more important is that such signatures are essential for preserving and delivering a transparent and safe ground for concluding contracts and ensuring a high level of laws and signatures. According to the provisions of the Act, consumers should also confirm “consent electronically, in a manner that reasonably demonstrates that the consumer can access information in the electronic form that will be used to provide the information that is the subject of the consent”. Additionally, such a system is an accurate representation of activities. The act can also be updated constantly, and each party of the contract can track any changes in the agreement. It is not possible when the contract is concluded in a traditional manner. There is also the provision stipulating that if the law demands a business to retain a transaction record, the business should meet the requirement by maintaining an electronic record. It should occur until the record accurately delivers the essence of the contract. It could be accessed by individuals who have the permission to access this document “in a form that is capable of being accurately reproduced for later reference, whether by transmission, printing or otherwise”.
Uniform Computer Information Transactions Act
The Uniform Computer Information Transactions Act (2002) focuses on the protection, storage, and processing of computer information. It also mentions the major principles of information exchange within the electronic system. The act provides a list of terms and definitions that are used for managing the digital environment and for securing the data against the illegal invasion. All the sections represented here are applied to computer transactions and records. For instance, Section 103 focuses on the computer information and goods, according to which “if a transaction includes computer information and goods, this [Act] applies to the part of the transaction involving computer information, information rights in it and creation or modification of it”. The Act also focuses on the development of a new digital framework through which buyers and sellers can tackle a trade operation and carry out an important business transaction. The act contains all necessary rules and conditions under which all computer data, including pictures, the textual information, and video will be protected from the illegal and unauthorized invasion of the third parties. The financial information and communication channels have also been taken into consideration to deliver a safe environment in which business relations could be established. In the light of the computer development and an era of online commerce, this act is an inherent condition for protecting the confidential data and delivering a transparent and legitimate environment for all the parties involved into transactions.
Apart from a safe computer-mediated environment, the Act also offers specific technical support, including sound recording, video presentations, and other media devices. They can enhance the effect of transactions. In such a way, it is also possible to contribute to the development of computer crime laws and introduce a new virtual space, in which clients and sellers can interact safely. The task of the business parties is to develop an algorithm through which they can attract their clients online and offer a range of beneficial services as well as goods. The introduction of electronic records and signatures is also indispensable for reducing the amount of time spent on arranging life meetings. Indeed, online conferences can serve as a valuable substitute for a traditional form of communication and interaction between the partners.
- Attempted Crimes and Punishment
- Australian Consumer Law
- Organized Crime and Interpersonal Communication for Law Enforcement