Authors: Rebecca Herold, Edward H. Freeman
ISBN-13: 9780849312489, ISBN-10: 0849312485
Format: Hardcover
Publisher: Taylor & Francis, Inc.
Date Published: December 2001
Edition: (Non-applicable)
Today, more than ever, organizations have to cope with increased concerns regarding privacy issues. These concerns are not limited to consumer fears about how information collected by Web sites will be used or misused. They also involve broader issues, including data collected for direct response marketing, privacy of financial and health records, identity theft, and fraud. Employees are raising questions about acceptable use of phones, e-mail, the Web, and if and when employers can monitor use. Employers find that without policies governing use of these assets, they have no legal basis for action against employees.
The Privacy Papers: Managing Technology, Consumer, Employee, and Legislative Actions is a book for C-level executives, IT managers, HR managers, security officers, privacy officers, and legal professionals. It covers all aspects of technology and legislation that enable privacy and also those that place it at risk. This how-to guide presents sample policies for employee training, awareness, and acceptable use; covers why companies must protect data and how to do it; describes the technology that makes information more private; and lists and summarizes major federal and international privacy legislation.
Corporate espionage can put sensitive company information such as intellectual property, product development, marketing plans, and customer files at risk. With the ever-increasing legislation concerning privacy, it is important for executives to stay up to date. The Privacy Papers will ensure that any company conducting business domestically or internationally will understand how policies governing use of their assets will affect daily operations.
Foreword | | xv |
Preface | | xix |
Introduction | | xxi |
Section I | Business Organization Issues | 1 |
Part A | E-Mail Policies | |
Chapter 1 | E-Mail: Balancing Corporate Assets and Employee Privacy | 3 |
Chapter 2 | Control Issues in an E-Mail Personal Privacy Invasion Prevention Policy | 15 |
Part B | Monitoring Policies | |
Chapter 3 | Developing an Organizational Internet Policy | 23 |
Chapter 4 | Computer Forensics and Privacy: At What Price Do We Police the Internet? | 33 |
Part C | Customer Web Privacy Policies | |
Chapter 5 | Policies for Secure Personal Data | 41 |
Part D | Education and Awareness Training | |
Chapter 6 | Making Security Awareness Happen | 51 |
Part E | Keeping Personal Information Private | |
Chapter 7 | The Case for Privacy | 85 |
Part F | Attorney-Client Privilege and Electronic Communications | |
Chapter 8 | Attorney-Client Privilege and Electronic Data Transmission | 93 |
Part G | Corporate Spies | |
Chapter 9 | Computer Crime and Analysis of Computer Evidence: It Ain't Just Hackers and Phreakers Anymore! | 103 |
Chapter 10 | A Tale of Two Spies: The Outside Hacker and the Trusted Insider | 111 |
Part H | Auditing and Privacy | |
Chapter 11 | Federal Laws Affecting IS Auditors | 117 |
Part I | Computer Forensics | |
Chapter 12 | Computer Forensics | 135 |
Part J | Electronic Identifiers | |
Chapter 13 | The Dangerous Precedent Set in the Use of Electronic Identifiers | 151 |
Part K | International Communications | |
Chapter 14 | Jurisdictional Issues in Global Transmissions | 161 |
Part L | Anonymous Internet Activity | |
Chapter 15 | Anonymity on the Internet: ACLU of Georgia v. Miller | 173 |
Part M | E-Commerce and Confidentiality Issues | |
Chapter 16 | The Continuing Disintegration of Confidentiality | 181 |
Chapter 17 | Selected Security and Legal Issues in E-Commerce | 189 |
Part N | Information Security and Privacy Officer Roles | |
Chapter 18 | Security Awareness Program and Information Security Roles | 199 |
Chapter 19 | Information Security Standards: Deluge and Dearth | 215 |
Chapter 20 | The Role of the Chief Medical Information Officer | 223 |
Part O | Health-Related Information | |
Chapter 21 | Information Security Management in the Healthcare Industry | 239 |
Part P | Criminal Internet Activity | |
Chapter 22 | Criminal Activity on the Internet | 255 |
Part Q | Identity Theft | |
Chapter 23 | Identity Theft: Who Are You Anyway? | 267 |
Chapter 24 | ID Theft: When Bad Things Happen to Your Good Name | 275 |
Part R | Legal Primer for ISPs | |
Chapter 25 | To Disclose or Not to Disclose: A Legal Primer for ISPs | 299 |
Section II | Tools and Related Technology | 315 |
Part A | Encryption and Cryptography | |
Chapter 26 | Selecting a Cryptographic System | 317 |
Part B | Steganography | |
Chapter 27 | A New Paradigm Hidden in Steganography | 331 |
Part C | Cookies and Profiling | |
Chapter 28 | Cookies and Web Bugs: What They Are and How They Work Together | 351 |
Chapter 29 | Online Profiling: Benefits and Concerns | 365 |
Part D | Monitoring and Content Filtering | |
Chapter 30 | Where Is the IDS? | 377 |
Chapter 31 | Internet Acceptable Use Policies: Navigating the Management, Legal, and Technical Issues | 385 |
Chapter 32 | Ethics and the Internet | 395 |
Part E | Wireless Communications | |
Chapter 33 | Security of Wireless Local Area Networks | 411 |
Part F | Data Mining and Customer Retention Management | |
Chapter 34 | Customer Relationship Management and Data Warehousing | 421 |
Part G | Third-Party Assurance Privacy and Security Certifications | |
Chapter 35 | Anonymity, Privacy, and Trust | 431 |
Chapter 36 | Web Certification: A Benchmark for Trustworthy Commerce | 437 |
Part H | Confidentiality Agreements | |
Chapter 37 | Get It in Writing | 443 |
Section III | United States of America Laws and Issues | 447 |
Part A | Health Insurance Portability and Accountability Act of 1996 (HIPAA) | |
Chapter 38 | Standards for Privacy of Individually Identifiable Health Information | 449 |
Chapter 39 | Health Privacy Regulation Enhances Protection of Patient Records but Raises Practical Concerns | 493 |
Part B | Gramm-Leach-Bliley Act (GLB) (1999) | |
Chapter 40 | Financial Services Modernization Act | 509 |
Chapter 41 | Gramm-Leach-Bliley (GLB) Financial Services Modernization Act | 517 |
Part C | Overviews of other U.S. Privacy-Related Laws and Regulations | |
Chapter 42 | Overviews of Privacy-Related U.S. Laws and Regulations | 529 |
Part D | Bills Under Consideration | |
Chapter 43 | U.S. Bills Under Consideration | 539 |
Part E | Government Surveillance on the Internet | |
Chapter 44 | Internet Security and Privacy | 543 |
Chapter 45 | Independent Review of the Carnivore System for the Department of Justice | 555 |
Section IV | International Laws and Issues | 567 |
Part A | European Union Data Protection Directive (1995) | |
Chapter 46 | The European Data Protection Directive: A Roadblock to International Trade? | 569 |
Chapter 47 | Data Privacy Directive 95/46 EC: Protecting Personal Data and Ensuring Free Movement of Data | 583 |
Part B | Safe Harbor | |
Chapter 48 | Safe Harbor Overview | 619 |
Part C | Lists and Overviews of Other International Laws, Regulations and Issues | |
Chapter 49 | International Privacy Laws | 625 |
Section V | Appendix | 633 |
Chapter 50 | Privacy Resources | 635 |
About the Editor | | 639 |
Index | | 641 |