Read the book The Official (ISC)2 CISSP CBK Reference - Leslie Fife, Aaron Kraus - Page 77
Privacy
Privacy and information security go hand in hand. As discussed earlier in this chapter, privacy is effectively the security principle of confidentiality applied to personal data. There are several important regulations around the globe that establish privacy and data protection requirements. As a security professional, it's important that you understand each privacy regulation that governs your jurisdiction. As a CISSP, you may be familiar with the following regulations, among others, depending on your jurisdiction:
U.S. Federal Privacy Act of 1974
U.S. Health Insurance Portability and Accountability Act (HIPAA) of 1996
U.S. Children's Online Privacy Protection Act (COPPA) of 1998
U.S. Gramm-Leach-Bliley Act (GLBA) of 1999
U.S. Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009
Data Protection Directive (EU)
Data Protection Act 1998 (UK)
Safe Harbor
EU-US Privacy Shield
General Data Protection Regulation (GDPR) (EU)
NOTE The Asia-Pacific Economic Cooperation (APEC) Privacy Framework is intended to provide member nations and economies with a flexible and consistent approach to information privacy protection without unnecessarily stifling information flow. Although it's not a law or regulation, the APEC Privacy Framework aims to improve information sharing with a common set of privacy principles and is worth reading if you do business in an APEC member economy.