Contents

U.S. Regulations & Legal Aspects of Privacy

1. Financial

2. Healthcare

3. Personal Privacy and the Federal Government

4. Homeland Security

5. North American Electric Reliability Corporation (NERC)

6. Cybersecurity

7. Compliance and Enforcement

8. Conclusion

9. References

Legal Aspects of Privacy

• Financial

• Healthcare

• Personal Privacy and the Government

• Homeland Security

Financial

The Gramm-Leach-Bliley Act

• Consumer Financial Privacy - Federal Trade Commission (FTC)

• Privacy of Consumer Financial Information Rule (16 C.F.R. Part 313)

Sarbanes-Oxley Act of 2002 (SOX)

• Protect Investors from fraudulent accounting activities by corporations

• Corporate Responsibility Act of 2002

• Section 302: senior management to certify the accuracy of the reported financial statement of the corporation

• Section 404: management and auditors must have internal controls in place and report on the adequacy of the controls.

Healthcare

Health Insurance Portability and Accountability Act (HIPAA)

• Protection of personal information within healthcare and health insurance industries

• Protect personal information for theft and fraud

• Patient authorization over their data

• 45 CFR Part 160 – Subparts A and E of Part 164

Personal Privacy and the Federal Government

Privacy Act of 1974

• Regulates the collection, maintenance, use , and sharing of personal information by federal agencies

• Department of Justice Office of Privacy and Civil Liberties (OPCL)

• 5, U.S. Code. Section 552a Records maintained on individuals

Homeland Security

Federal Information Modernization Act (FISMA)

• Federal data security standards and guidelines

• All federal agencies information security protocols to protect federal data

• S.2521 is the 2014 updated act

North American Electric Reliability Corporation (NERC)

• Federal Energy regulatory Commission

• Reduce risk to the North American Power grid – Nonprofit -U.S., Canada, Northern Baja Mexico

Homeland Security

Homeland Security Presidential Directives (HSPDs) – Issued by the President of the U.S. and be revoked or left active indefinitely:#### Key Highlights:

1. Homeland Security Council
2. Immigration Policy
3. HSPD 5 Emergency Incident Management Systems
4. HSPD 7 Protect key infrastructure
5. HSPD 8 Federal emergency preparedness
6. HSPD Protect Food and Agriculture
7. HSPD 12 Identification process for entry into all federal buildings
8. HSPD 13 Maritime security
9. HSPD 14 Domestic Nuclear and radioactive material detection
10. HSPD 20 Government operations in catastrophic emergency
11. HSPD 21 Disaster healthcare processes for all related organizations
12. HSPD 23 Cybersecurity

Homeland Security

U.S. Patriot Act - Department of Justice - Prevent future terror attacks

1. The Patriot Act allows investigators to use the tools that were already available to investigate organized crime and drug trafficking

2. The Patriot Act facilitated information sharing and cooperation among government agencies so that they can better "connect the dots.

3. The Patriot Act updated the law to reflect new technologies and new threats.

4. The Patriot Act increased the penalties for those who commit terrorist crimes

North American Electric Reliability Corporation (NERC)

• Established June 1, 1968 (National Electric Reliability Council). The Non-profit (North American Electric Reliability Corporation) was created in March 28, 2006

• Created to ensure the reliability if the North American bulk power systems

• Assure the effective and efficient reduction of risks to the reliability and security of the bulk power systems

• Standard provides a cybersecurity framework for the identification and protection of critical cyber assets that control or affect the reliability of North American bulk power systems.

• 1600 bulk power system users, owners, and operators. The regulations apply to all electric utilities and other entities (co-ops, etc.) that own or operate generation, transmission, or other facilities (substations) in the bulk electric system.

Cybersecurity Focus

• Cybersecurity threats to the electric grid have become a reality—particularly in the past decade

• Proactively addressing these threats is critical to ensuring the security and reliability of the electric grid. NERC, FERC and DOE have been active in this area and are coordinating their efforts to ensure that cybersecurity threats to the North American grid are minimized and, ultimately, prevented entirely

Cybersecurity Focus

Cybersecurity Systems:

1. High Impact BES Cyber Systems

2. Medium Impact BES Cyber Systems

3. Electronic Access Control or Monitoring Systems (EACMS)

4. Physical Access Control Systems (PACS)

5. Protected Cyber Assets (PCA)

Compliance and Enforcement

• These reliability standards apply to electric utilities and other entities that own or operate generation, transmission, or other facilities in the bulk electric system

• Entities found to be in violation of reliability standards are subject to financial penalties and other enforcement actions. NERC has offices in Atlanta, Georgia and Washington, D.C.

Conclusion

Financial:

• The Gramm-Leach-Bliley-Act

• Sarbanes-Oxley Act of 2002

Healthcare:

• Health Insurance Portability and Accountability Act (HIPPA)

Personal Privacy and the Government:

• Privacy Act of 1974

Homeland Security:

• Federal Information Security Moderization Act (FISMA)

• North American Electric Reliability Corporation (NERC)

• Homeland Security Presidential Directives (HSPDs)

• U.S. Patriot Act