Subject: Privacy and Data Memorandum
Date: 3/22/2023
To better address the ongoing issue regarding privacy laws and the protection of data in Numenor, this memo provides background information on privacy laws and explains the various types of data involved in the public's concerns. Privacy, by definition, is the state of being unmonitored within necessary aspects; as it pertains to personal information, it is the right to determine how that information is accessed and used. In essence, privacy rights regarding information concern who we as individuals allow to access our personal information and what they are allowed to do with it, if we allow the disclosure of that information at all. In more detail, certain types of information can assist in personally identifying an individual (legal name, birth date, SSN, etc.); this is known as Personally Identifiable Information, or PII. In other states and countries, laws and regulations are enacted to manage and protect how these various forms of data can be acquired and what is legally allowed once this information is obtained. The concerns of Numenor currently revolve around the fundamental protections that these outside laws provide: how PII is being gathered, which organizations are legally allowed to obtain it, what those organizations can do with this data, and so on. The lack of protections and laws has led citizens to be concerned over their privacy and safety, because there are currently no legal restrictions on how this data is obtained and no regulations on how authorized organizations are to manage and protect PII. This lack of awareness endangers individuals by making them vulnerable to identity theft, financial theft, and unauthorized usage of their personal information.
As previously stated, PII is any form of data that can be used to assist in singularly identifying an individual. Basic examples such as name and SSN were listed above; however, technically any form of data can be PII. Personally Identifiable Information does not generally come from data in a single category; rather, any data that was not originally PII can become so depending on other forms of data that are made publicly available. For instance, an apartment number may not initially identify any specific person; however, pair the apartment number with an actual street address and it becomes easier to identify the resident. PII can be divided into various categories depending on what that information is used for. One such example is biometric data, which is information pertaining to an individual’s physical and biological characteristics. Generally, these can be identified as voice prints, fingerprints, retinas, irises, and so on. Current applications for biometric data include mobile device security, physical access to buildings, and smart devices. The lack of security regulations and privacy laws leaves these applications open to vulnerabilities.
Many citizens have spoken of wanting regulations similar to the GDPR. To summarize, the General Data Protection Regulation is legislation created by the E.U. that regulates and enforces certain protections involving personal data, privacy rights, and the management of said data. The GDPR has 7 overarching principles for data privacy. In short, the usage and management of personal data should be legal and fully communicated to the owner, the data must be used for its intended purpose, no more information than necessary should ever be collected, all data must be accurate, the usage of said data must be done in a secure and private way to prevent exposure, and all parties in proximity of said data must be held accountable as needed. Regarding privacy, individuals have the right to be informed of who has accessed their PII, the right to access it themselves, the right to update any errors in the information, the right to erase any data, the right to usage of certain data, the right to access data from anywhere as needed, etc. The GDPR covers any aspect of privacy and data protection whether the individual or obtaining organization is physically located in the E.U. or pertains to the E.U. without being physically located within it.
Each individual state within the U.S., as well as other countries, has its own legislation regarding privacy and data protection. In the state of California, under the California Consumer Privacy Act, an individual may request verification of what information a business has collected on them, as well as request the deletion of any piece of information they don’t want an organization to possess. In the state of Connecticut, a law will go into effect July 1, 2023, providing stricter guidelines on how personal data is to be safeguarded within organizations that have obtained permission to collect said data, as well as giving individuals the right to update or delete personal data at any point and to opt out of providing data when requested. The state of Nevada requires websites that ask for personal information to give users the option to opt out of having their information sold to third parties. While there are numerous federal laws that require specific standards to protect certain types of data, such as HIPAA for PHI (personal health information), each state within the U.S. also has its own standards for how personal data and privacy should be managed.
Based on the information provided thus far, my professional opinion would be to have data protection and privacy laws passed on both state and federal levels. However, I understand that, as Governor, your jurisdiction extends only to your own state. There are benefits to state jurisdiction versus federal jurisdiction, though. In the United States, federal legislation and jurisdiction take precedence over state regulations. This helps unify legislation for all citizens to follow, and it means federal laws overrule state laws. However, the downside is that, as the U.S. is a democracy, it may be harder to pass certain federal regulations, since doing so requires more debate in Congress and not every vote is unified. In contrast, it is easier to pass state legislation, since as Governor you need only convince the governing party of your state, although the downside is that this legislation will only be abided by those who are currently in your state, meaning you can only protect those within Numenor. In my honest opinion, it would be wise to focus on Numenor for now. By passing privacy and data protection laws, you will be able to record data exemplifying the benefits of this legislation. Then, once you have the data to prove these benefits, you can focus on attempting to have the federal government establish legislation for the entire country to follow, using Numenor as a leading example.