Framework

The primary purpose of RIPA was to give law enforcement and the security services greater powers of surveillance. Here is the summary:

"...Any interception of a communication which is carried out at any place in the United Kingdom by, or with the express or implied consent of, a person having the right to control the operation or the use of a private telecommunication system shall be actionable at the suit or instance of the sender or recipient, or intended recipient, of the communication if it is without lawful authority and is either

1. an interception of that communication in the course of its transmission by means of that private system; or

Nevada Privacy Law requiring a company that transfers customer personal information outside of its secure system through an electronic transmission to use encryption. This law is effective since October 1, 2008 and after several ammendments will be effective in January 1, 2010.

Encryption requirements:
A company that does not accept a payment card (a credit card, charge card, debit card or similar card) in connection with a sale of goods or services must use encryption

1. To transfer any personal information through an electronic, nonvoice transmission (other than a facsimile) outside the company's secure system or

Massachusetts Privacy Law Security Standards:
- Written information security program
- Passwords, encryption for laptops
- Risk assessments
- Security policies around records retention
- Policies and procedures to prevent terminated employees from gaining access
- Physical access control policies and procedures
- Security incident response policies
- Monitoring for unauthorized access
- Encryption of PII on laptops and other portable devices
- Encryption of PII data in transmission

Effective: 1 January 2009

Download Free SWOT Analysis and Resulting Strategy Templates

SWOT Analysis
- Strengths
- Management
- Practices
- Relationships with vendors, dealers, partners
- Design and engineering
- Lean cost structure
- Capacity

The Gramm-Leach-Bliley Act (GLBA) was enacted by the United States government in 1999. GLBA, also known as the Financial Services Modernization Act of 1999, protects the privacy and security of private financial information that financial institutions collect, hold, and process. The privacy component of this act requires financial institutions to provide customers with an annual notice of their privacy practices, and to provide them the option to direct financial institutions not to share such information.

The safeguards component of the regulation requires financial institutions to establish a comprehensive security program to