Although the laws discussed in the following list are specific to the United States, intellectual property is agreed upon and enforced worldwide by various organizations, including the United Nations Commission on International Trade Law (UNCITRAL), the European Union (EU), and the World Trade Organization (WTO).
- Trade secret: A trade secret is a confidential design, practice, or method that must be proprietary or business related. For a trade secret to remain valid, the owner must take certain security precautions.
- Copyright: A copyright is a legal device that provides the creator of a work of authorship the right to control how the work is used and protects that person's expression on a specific subject. This includes the reproduction rights, distribution rights, right to create, and right to public display.
- Trademark: A trademark is a symbol, word, name, sound, or thing that identifies the origin of a product or service in a particular trade. The ISC2 logo is an example of a trademarked logo. The term service mark is sometimes used to distinguish a trademark that applies to a service rather than to a product.
- Patent: A patent grants the owner a legally enforceable right to exclude others from practicing or using the invention's design for a defined period of time.
Privacy laws are of interest to many individuals because technology has made it much easier for large amounts of data to be accumulated about them. Commercial databases contain tremendous amounts of data that can be used to infringe on people's sense of privacy and anonymity. The misuse of these databases can lead to targeted advertising and disclosure of personal preferences that some individuals believe are intrusive. Privacy is increasingly being recognized as a fundamental right in many countries. The EU has been at the forefront in developing laws that protect individual privacy. EU privacy guidelines enacted in 1998 state the following:
- Data is to be used only for the purposes for which it was collected and within a reasonable time.
- If requested, individuals are entitled to receive a report on data about them.
- An individual's personal data cannot be disclosed to third parties unless authorized by statute or consent of the individual.
- Persons have a right to make corrections to their personal data.
- Transmission to locations where equivalent personal data protection cannot be assured is prohibited.
Other Notable Laws
Although the exam does not cover country-specific laws, security professionals should be aware of the laws that pertain to them. Therefore, the following laws are mentioned briefly:
- Computer Fraud and Abuse Act of 1986: Amended in 1996 to include hacking. Deals with computers used by the federal government.
- Federal Sentencing Guidelines of 1991: Provides guidelines to judges so that sentences are handed down in a more uniform manner.
- Economic Espionage Act of 1996: Defines strict penalties for those accused of espionage.
- U.S. Child Pornography Prevention Act of 1996: Enacted to combat and reduce the use of computer technology to produce and distribute pornography.
- U.S. Health Insurance Portability and Accountability Act: Establishes privacy and security regulations for the health-care industry.
- U.S. Patriot Act of 2001: Strengthens computer crime laws and has been the subject of some controversy.