
Lesson 1: Privacy

Privacy is the right to be left alone: the most comprehensive of rights and the right most valued by a free people.

Information privacy (according to Roger Clarke) is the combination of:
- Communications privacy: the ability to communicate with others without those communications being monitored by other persons or organizations.
- Data privacy: the ability to limit access to one's personal data by other individuals and organizations, in order to keep control over that data and its use.

Fact: 89% of children's websites collect personal information.

PRIVACY LAWS & APPLICATIONS

1. Financial Data
   Individuals must reveal much of their personal financial data in order to take advantage of the wide range of financial products and services available.
   - Fair Credit Reporting Act (1970): regulates the operations of credit reporting bureaus, including how they collect, store and use credit information.

2. Health Information
   The use of electronic medical records and the subsequent interlinking and transferring of electronic information among different organizations.
   - Individuals are rightly concerned about the privacy of data, especially data concerning their health.
   - Health Insurance Portability and Accountability Act (HIPAA, 1996): designed to improve the portability and continuity of health insurance service and coverage and to reduce fraud and abuse of health insurance. 1,500 pages of specific rules; 1.5 million healthcare providers.

3. Children's Personal Data
   31 hours per week (UK): children need to be protected from being exposed to inappropriate material online or other inappropriate behavior.
   - Children's Online Privacy Protection Act (COPPA, 1998): any website that caters to children must offer comprehensive privacy policies, notify parents or guardians about its data collection practices, and receive parental consent before collecting any personal information from children under 13 years of age.
   - BONZI software: $400,000

4. Electronic Surveillance
   Covers laws that address electronic and government surveillance.
   - Communications Act of 1934: assigned responsibility for regulating all non-federal-government use of radio and TV broadcasting. Restricted the government's ability to secretly intercept communications.
   - Title III of the Omnibus Crime Control and Safe Streets Act (the Wiretap Act): regulates the interception of telephone wire and oral communications. Allows state and federal law enforcement officials to use wiretapping, but with limitations.
   - Foreign Intelligence Surveillance Act (FISA) of 1978: describes procedures for electronic surveillance and intelligence collection concerning foreign powers.
   - USA PATRIOT Act (2001), Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism: gave sweeping powers to both domestic and international agencies to search telephone, email, medical and other records. 340 pages.

European Union Data Protection Directive (1998): 15 Western European nations implement a set of privacy directives on the fair and appropriate use of information.

EUPD Principles:
a. Notice: tell all customers what is done with their information.
b. Choice: give customers a choice about which data they want to share.
c. Access: customers may access their information.
d. Security: protect the information from unauthorized access.
e. Data Integrity: data is accurate and relevant.
f. Enforcement: enforce the data privacy policy.

Philippines Privacy Laws:

Article III, Sec. 2 of the 1987 Constitution: "The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches of whatever nature and for any purpose shall be inviolable."

Data Privacy Act (Senate Bill No. 2965)
o Enforcement agency: National Privacy Commission
o Chapter 4: Rights of the Data Subject
o Chapter 5: Security of Personal Information
o Chapter 7: Penalties
  - Sec. 22, Unauthorized Processing of Personal Information and Sensitive Personal Information: 3 years imprisonment, PHP 2M
  - Sec. 23, Accessing Personal Information Due to Negligence: 3 years imprisonment, PHP 2M
  - Sec. 26, Unauthorized Access: 3 years imprisonment, PHP 2M
  - Sec. 34, By a public officer: dismissal
  - Sec. 31, Combination or Series of Acts: 6 years imprisonment, PHP 5M

Privacy Issues

1. Identity Theft
   Occurs when someone steals key pieces of personal information to impersonate a person.
   Safeguards:
   a. Completely and irrevocably destroy digital identity data on used equipment
   b. Beware of shoulder surfing
   c. Minimize the personal data shown on checks and public documents
   d. Update your inbox / mail regularly
   e. Handle credit card receipts safely
   f. Use hard-to-guess passwords and PINs
   Approaches used by identity thieves:
   a. Data breaches
   b. Phishing, to entice users to willingly give up personal data
   c. Purchasing personal data from criminals
   d. Use of spyware
   Prices of stolen data: credit card number, $1.40; bank account, $0.10.

2. Spyware
   Keystroke logging software downloaded to users' computers without the knowledge or consent of the user; it creates a record of the keystrokes entered on the computer, enabling the capture of data and sensitive information.

3. Consumer Profiling
   Companies often collect personal information about internet users when they register at websites, fill out forms, complete surveys or enter contests online.
   * Cookies: a text file that a website can download to a visitor's hard drive so that it can identify the visitor on subsequent visits.

Advanced Surveillance Technology
a. Camera surveillance (* smart surveillance system - Australia)
b. Facial recognition software
c. GPS (Global Positioning System)

Lesson 2: Cyber Crimes

Cyber crime encompasses any criminal act dealing with computers and networks; it also includes traditional crimes conducted on the internet.
- Defined as any illegal activity involving one or more components on the internet, such as websites, chatrooms and/or emails.

Forms of Cyber Crimes

1. Cyberstalking
   Use of the internet to stalk or harass an individual, a group of individuals or an organization; includes false accusations, identity theft, and damage to data or equipment in order to cause harm to a target individual.
   o Stalking (according to Lamber Royakkers) is a form of mental assault in which the perpetrator repeatedly, unwantedly and disruptively breaks into the life-world of the victim, with motives that are directly traceable

   Factors:
   a. False accusations
   b. Attempts to gather information about the victim
   c. Monitoring the target's activities
   d. Encouraging others to harass the victim
   e. Attacks on data and equipment
   f. Ordering goods and services
   Types of cyberstalkers:
   a. Vindictive: to annoy
   b. Intimate: to form a relationship with the victim
   c. Collective: groups with motives
   Legislation:
   * US Federal Anti-Cyberstalking Law, 47 USC Section 223
   * Australia: Stalking Amendment Act (1999)
   * UK: Malicious Communications Act (1998)

2. Cyberbullying
   Use of information and communication technologies to support deliberate, repeated and hostile behavior by an individual or group that is intended to harm others.
   Behaviors:
   1. Pretend to be other people online to trick others
   2. Spread lies and rumors about victims
   3. Send or forward mean messages
   4. Post pictures of victims without their consent
   Effects:
   1. Emotional damage
   2. Suicide

3. Cyber Defamation
   A misdemeanor or tort via words, conducted on digital media, usually through the Internet.
   Laws: Korea, China

4. Software Theft (aka Software Piracy)
   Unauthorized copying or distribution of copyright-protected software.
   Forms:
   a. Professional counterfeits: look the same as genuine boxed products
   b. CD compilation disks: several programs copied onto disks
   c. HD loaders: dealers who load a copy of software onto hardware but do not supply disks or licenses
   d. Peer to peer: individuals sharing software on the internet

Lesson 3: Information System Security

Information Security (according to the UK Government): the practice of ensuring information is only heard, broadcast and otherwise used by people who have the right to do so.

Data/Information Risks:
1. Human errors: entering incorrect transactions, failing to spot and correct errors, processing the wrong information
2. Technical errors: hardware fails or software crashes
3. Accidents
4. Fraud
5. Malicious damage (performed by hackers)

Security Control Factors:
1. Prevention
2. Detection
3. Deterrence
4. Data recovery: if something goes wrong, it is important to be able to recover lost data and information

Categories of Security Controls:
1. Physical controls
2. Procedural controls (process)
3. Technical controls (software)
4. Legal & compliance controls (law)

Application Controls

1. Input Controls
   Ensure that the procedures and controls reasonably guarantee that:
   a. data received for processing are genuine, complete and not previously processed
   b. data are entered accurately and without duplication
   Risk areas:
   - Entry of unauthorized data
   - Data entered may be irrelevant
   - Incomplete data entry

2. Processing Controls
   Ensure complete and accurate processing of input and generated data.
   Objectives:
   * transaction processing is accurate and complete
   * unique
   * valid
   Risk areas:
   - Inaccurate processing of transactions, leading to wrong output/results
   - Some areas may remain incomplete

3. Output Controls
   Incorporated to ensure that computer output is complete, accurate and correctly distributed.
   Objectives:
   * output is produced and distributed on time
   * errors are properly investigated
   Risk areas:
   - Repeated errors, leading to loss of revenue and of the credibility of the system and the organization
   - Non-availability of data at the time when it is needed

Preventive controls are intended to prevent an incident from occurring.
Detective controls are intended to identify and characterize an incident in progress.
Corrective controls are intended to limit the extent of any damage caused by the incident.
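The input controls and processing controls above, with the preventive/detective distinction applied to them, as an added Python example that is not part of the notes (the field names, the constructed sample batch and the control-total reconciliation are assumptions):

```python
# Added example (not from the notes): input controls reject bad transactions
# before processing (preventive); processing controls reconcile the output
# against the accepted input afterwards (detective). Field names are assumed.
from decimal import Decimal, InvalidOperation

REQUIRED = ("txn_id", "account", "amount")

# Constructed sample batch: one valid row, a duplicate id within the batch,
# an incomplete row, an inaccurate amount, and an id processed in an earlier batch.
ALREADY_PROCESSED = {"T-1001"}
BATCH = [
    {"txn_id": "T-2001", "account": "A-1", "amount": "100.00"},
    {"txn_id": "T-2001", "account": "A-2", "amount": "5.00"},   # duplicate in batch
    {"txn_id": "T-2002", "account": "A-3"},                      # incomplete
    {"txn_id": "T-2003", "account": "A-4", "amount": "12x"},     # not accurate
    {"txn_id": "T-1001", "account": "A-5", "amount": "7.00"},    # previously processed
]

def input_controls(batch, processed):
    """Preventive: return (accepted, rejections); nothing rejected is processed."""
    accepted, rejections, seen = [], [], set(processed)
    for txn in batch:
        missing = [f for f in REQUIRED if f not in txn]
        if missing:  # complete?
            rejections.append((txn.get("txn_id"), "incomplete: " + ",".join(missing)))
            continue
        try:  # entered accurately?
            amount = Decimal(txn["amount"])
        except InvalidOperation:
            rejections.append((txn["txn_id"], "inaccurate amount"))
            continue
        if txn["txn_id"] in seen:  # not previously processed, no duplication?
            rejections.append((txn["txn_id"], "duplicate or previously processed"))
            continue
        seen.add(txn["txn_id"])
        accepted.append({**txn, "amount": amount})
    return accepted, rejections

def processing_controls(accepted, results):
    """Detective: reconcile results with accepted input (complete, unique, valid)."""
    findings = []
    if len(results) != len(accepted):
        findings.append("incomplete processing: %d in, %d out" % (len(accepted), len(results)))
    ids = [r["txn_id"] for r in results]
    if len(set(ids)) != len(ids):
        findings.append("non-unique output")
    if sum(r["amount"] for r in results) != sum(t["amount"] for t in accepted):
        findings.append("control total mismatch")
    return findings
```

Rejections from the first function are the preventive record; findings from the second are the detective record that a corrective step (re-run, manual investigation) would act on.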
