Criminal Law

Most cybercrime falls under this category. Society is the victim in these cases
The proof has to be beyond a reasonable doubt
The goal is to punish the criminal and deter others from doing the same

Civil Law (Tort Law)

Individuals, groups or organizations are the victim
The standard of proof is the majority of the evidence
Financial fines are enforced

Administrative Law (Regulatory Law)

Created by government agencies
e.g. HIPAA

Private Regulations

Compliance is required by contract
It is a standard, not a law
e.g. PCI DSS

Customary Law

Mostly handles personal conduct and patterns of behavior
Founded in the traditions and customs of a region

Religious Law

Based on the religious beliefs in an area or country
Includes codes of ethics and morality that need to be upheld


Health Insurance Portability and Accountability Act (HIPAA)

US federal law that regulates patient Protected Health Information
Privacy: Health Data needs to be kept private
Security: Companies handling PHI have to implement appropriate security measures
Breach Notification: If a leak occurs, the public has to be informed of it
If the data is encrypted then it does not have to be reported

Electronic Communications Privacy Act (ECPA)

Protects electronic communications against warrantless wiretapping
Weakened by the PATRIOT Act

PATRIOT Act of 2001

Expanded law enforcement agencies' electronic monitoring capabilities
Can monitor all communication to and from a person using a single warrant
Eases the restriction on foreign intelligence gathering in the US

Computer Fraud and Abuse Act (CFAA)

Part of Title 18 Section 1030
Commonly used law to prosecute computer crimes

Payment Card Industry Data Security Standard (PCI-DSS)

A set of security standards designed to ensure ALL companies that accept, process, store or transmit credit card information maintain a secure environment

General Data Protection Regulation (GDPR)

Regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA)