Cyber security law and its privacy implications are constantly evolving. With the passing of the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), governments have taken a massive step forward in protecting consumer information. These are just two regulations that have been passed recently. Earlier laws include the Health Insurance Portability and Accountability Act, which keeps patient health records secure and confidential, the Family Educational Rights and Privacy Act (FERPA), which protects children's privacy, and many others. Knowing which laws apply and staying abreast of upcoming legislation is another of the responsibilities of cyber security professionals.
The final project of this course was to design a cyber security legal program for an organization. The organization is a medium-sized retail operation that does the majority of its business online. Suppliers are located around the world, and customers can make purchases from anywhere in the world. Given that fact, the legal program needs to be informed and robust enough to withstand litigation in any of the countries where a challenge may arise.
This proved to be a challenging endeavor. The project had to take into account international trade laws, local trade laws, national and local privacy laws, laws concerning monetary transactions, and compliance requirements for the collection and storage of data.
A lack of diligence in this area has ethical implications and could have serious consequences for an organization. Ignorance of the law is not an excuse to break it.