Electronic Communications Privacy Act
The main purpose of this paper is to report on privacy awareness and its effects on cybersecurity policy. The Electronic Communications Privacy Act (ECPA) will be defined, and how it affects cybersecurity policy will be explained. A summary of the General Data Protection Regulation will then be outlined, along with how it could impact various electronic communication corporations such as the Sony companies. Finally, a short discussion of how policy supports compliance will be given. The Oxford Dictionary defines privacy as the quality or state of being apart from any company or observation. Nikander & Karvonen (2010) stated that the boundaries and content of what is considered private differ among people, groups, and cultures. The Fourth Amendment of the United States Constitution, which protects the people from unlawful searches and seizures by the government, was one of the first attempts to ensure rights to privacy. However, this amendment does not protect against all searches and seizures. Whether a search or seizure is considered reasonable may be established by balancing two vital interests.
On one side of the scale are the individual's Fourth Amendment rights, while on the other side are legal government interests, for instance, public safety (Minnesota & Carter, 2010). The Fourth Amendment was written in 1789, and many advancements have since been made that place privacy in a risky position. Therefore, additional Acts such as the Electronic Communications Privacy Act and the Foreign Intelligence Surveillance Act had to be established by the government of the United States (both the Federal government and Congress).
Electronic Communications Privacy Act
The Electronic Communications Privacy Act was implemented and established in April 1986 to revise and expand Federal wiretapping and electronic eavesdropping requirements. The Act was established to promote the privacy rights of all citizens while providing for lawful inquiry by law enforcement. Congress supported these provisions to encourage the development of new advanced technologies by ensuring consumers' data would continue to be safe (Epic, 2018). The Electronic Communications Privacy Act consists of amendments to the Wiretap Act together with the Stored Communications Act and the Pen Register Act, which it enacted. The Wiretap Act deals with the interception of electronic and wire communications, which include any aural transfer made in whole or in part through the use of facilities for the transmission of communications with the help of wires, cables, or other like connections. Oral communication is defined as verbal communication made by a person who expects that such communication is not subject to interception, under circumstances justifying that expectation. This means that for any word spoken in person, there is a belief that no third party is interfering (Epic, 2018).
An individual who violates the Electronic Communications Privacy Act faces up to five years' imprisonment and fines not less than 250,000 dollars. Each victim is entitled to bring civil suits and recover actual damages, in addition to punitive damages and lawyer's fees for violations. The government of the United States cannot be sued under the Electronic Communications Privacy Act (Danna, 2012). The Electronic Communications Privacy Act offers protection to millions of highly classified electronic communications sent back and forth by various companies such as the Sony companies, which comprise both customer and company financial reports and private information and data. To ensure that electronic communications companies can better protect themselves and their consumers globally, these companies should ensure that all employees, especially management, read and understand the Electronic Communications Privacy Act (Danna, 2012).
The Electronic Communications Privacy Act promotes the protection of United States citizens' privacy rights, while the Foreign Intelligence Surveillance Act tries to violate these rights. Congress implemented the Foreign Intelligence Surveillance Act, which created a different legal regime for foreign intelligence surveillance (1978). The Wiretap Statute gives strict regulations controlling law enforcement surveillance, whereas the Foreign Intelligence Surveillance Act regulates how the government collects foreign intelligence data in furtherance of U.S. intelligence. The Foreign Intelligence Surveillance Act was restricted to electronic eavesdropping and wiretapping. It was revised in 1994 to create a path for covert physical entries in connection with all investigations based on cybersecurity, and then in March 1998 it was amended to authorize pen and trap orders (Epic, 2019). Pen and trap rules authorize the government to obtain communications metadata (which includes mobile numbers of incoming and outgoing calls and email addresses of senders and recipients), but they do not allow it in any way to hear or listen to calls or to read the contents of emails or text messages (Kalmbacher, 2018).
Under the Fourth Amendment, a search warrant must be based on probable cause to believe that a crime has been or is being committed, whereas under the Foreign Intelligence Surveillance Act this is not the case. Surveillance under the Foreign Intelligence Surveillance Act is allowed only on the basis of probable cause that the surveillance targets a foreign country or an agency, when the target is suspected to be engaging in criminal activity. However, if the individual of interest is a United States citizen, there must be reasonable cause to believe that the citizen's actions could involve espionage. A United States citizen cannot be considered an agent of a foreign government on the basis of activities that are protected by the First Amendment.
President Obama (2014) issued Presidential Policy Directive 28, which directed the intelligence community to update existing policies and develop new strategies for protecting all personal data collected via Signals Intelligence means such as the Foreign Intelligence Surveillance Act. Under the Foreign Intelligence Surveillance Act, individuals, groups, and organizations can be placed under surveillance without their knowledge just because they are suspected of a crime. For this reason, it would be in a company's best interest to be cognizant of a law like the Foreign Intelligence Surveillance Act. Some companies, such as Sony, have a global business that is entirely lawful and in good standing. Even so, laws like the Foreign Intelligence Surveillance Act could potentially target the company and cause severe legal restrictions if it were found to violate the law. According to Liu (2018), Sony should ensure that its employees, particularly management and the legal department, have a thorough understanding of laws like the Foreign Intelligence Surveillance Act to help prevent Sony from accidentally violating it.
Corporations such as Sony Pictures Entertainment are in the business of collecting, storing, and transmitting customer and employee personally identifiable information, for example, social security numbers, driver's license numbers, taxpayer identification numbers, financial accounts, and credit card numbers, among others. The United States does not yet have an agreed-upon standard for the protection of personally identifiable information, so adopting the United Kingdom's General Data Protection Regulation Act would have an impact on various corporations in the electronic communications business. The General Data Protection Regulation was enacted by the European Parliament, the Council of the European Union, and the European Commission and adopted on April 27, 2016. It took effect on 25 May 2018. The General Data Protection Regulation applies rules and regulations that protect people against different privacy issues. This policy ensures that users have the right to decide whether or not their private data becomes public. It also enforces people's right to have private data made no longer accessible by any service provider. The General Data Protection Regulation (GDPR) gives individuals the right to lawfully agree with companies to the use of any of their private data. The GDPR also ensures that no personal data or information is processed unless the user has allowed the processor of the data or information to do so.
Had the companies implemented the General Data Protection Regulation's predecessor, they could have avoided the 250,000 dollar fine imposed by the Information Commissioner's Office for not using updated security software to protect customers' personally identifiable information. Companies offering or providing PlayStation Networks may be attacked because these companies chose not to adhere to common security standards, which may allow hackers to get into their online stores and expose thousands of customers' confidential information to cybercriminals. The Information Commissioner's Office deputy commissioner David Smith stated that the data breach was one of the worst he had ever come across (Glenday, 2019).
Policy Supports Compliance
Organizational policies act as a written compliance guide. All compliance requirements need written policies that establish baseline security controls. These requirements may exist to make sure that management knows and understands its work and has made proper use of oversight. To ensure compliance, the management of a company must adhere to procedures that guarantee that employees are strictly meeting the compliance requirements. To achieve this, management must involve the Human Resources Department, because it in-processes new employees and is therefore their first impression of the company. Therefore, the administration will set the tone of the Policy Compliance Program (Nikander & Karvonen, 2010).
For a company to develop different policies and provide training to employees, it must involve its employees because they can resist these changes. If the company does not have procedures for employee non-compliance, the organization can be put at risk. The company is required to include in its Human Resources policies what steps are to be taken if employees in the company become non-compliant (Walsh, 2019). Cybersecurity changes every day. This means that each employee needs to re-read policies at least yearly, and whenever management makes changes and additions. The company's ongoing training programs should address cybersecurity based on job descriptions and qualifications. For instance, the Finance and Human Resources departments handle different types of data and information. Therefore, they would require privacy training specific to their area of work. Primary privacy training topics, regardless of job descriptions and qualifications, would include the following: what data needs to be protected, how to label data, how to organize data, protocols on sharing data, and how to dispose of data when the organization no longer needs it. Backing up critical data also has an important impact on a company (Stokes, 2019).
In conclusion, the paper discussed privacy awareness and its effects on cybersecurity policy and on the private information rights of all citizens in the United States. The Electronic Communications Privacy Act (ECPA) and the Foreign Intelligence Surveillance Act (FISA) were defined, and their implications for cybersecurity and privacy rights were explained. In addition, suggestions on how policies at different communication companies such as Sony could support ECPA and FISA compliance were explained. The General Data Protection Regulation was summarized, along with how it could impact different companies in the electronic communications business. Finally, the essay gave a brief discussion of how policy supports compliance, how it accommodates changes in cybersecurity in daily operations, and how cybercriminals affect companies' information and data.
Danna, S. K. (2005). The Impact of Electronic Discovery on Privilege and the Applicability of the Electronic Communications Privacy Act. Loyola of Los Angeles Law Review, 38(4), 1683.
Epic. (2018). Electronic Communications Privacy Act (ECPA). Retrieved from epic.org: https://epic.org/privacy/ecpa/
Glenday, J. (2013, January 24). Sony executives bowed in contrition in the wake of the scandal and have since rebuilt the service from the bottom up to be more secure. Retrieved from thedrum.com: https://www.thedrum.com/news/2013/01/24/sony-fined-250k-over-serious-data-protection-act-breach
Liu, S. (2018, August 9). Sony’s net income from 2007 to 2018. Retrieved from statista.com: https://www.statista.com/statistics/279271/net-income-of-sony-since-2008/
Merriam-Webster. (2020, January 12). Privacy. In The Merriam-Webster.com Dictionary. Retrieved January 15, 2020, from merriam-webster.com: https://www.merriam-webster.com/dictionary/privacy
Minnesota, & Carter. (1998). Minnesota v. Carter, 525 U.S. 83. Retrieved from uscourts.gov: https://www.uscourts.gov/about-federal-courts/educational-resources/about-educational-outreach/activity-resources/what-does-0
Nikander, P., & Karvonen, K. (2010). An International Workshop on Security Protocols. In Users and trust in cyberspace. (pp. 24-35). Berlin: Springer.
Stokes, J. (2019, September 24). 9 Topics to Cover in Your Privacy Awareness Training Program. Retrieved from mediapro.com: https://www.mediapro.com/blog/9-topics-privacy-awareness-training-program/
Walsh, K. (2019, January 10). How To Ensure Compliance with Policies. Retrieved from reciprocitylabs.com: https://reciprocitylabs.com/how-to-ensure-compliance-with-policies/