Corporations and governments increasingly rely on cyber-security systems to protect networks, devices, and organizational and personal information against threats. Consequently, criminals are prevented from illegally accessing systems to corrupt them or access private data. However, all this monitoring affects the privacy of individuals. For example, these systems can trace the identities of individual users and access sensitive information. Such access is possible through the IP addresses associated with given users in the network environment. While cyber-security applications protect users from attacks, they open a vulnerability: the violation of privacy by the person or entity behind the cyber-security systems. The danger, therefore, is that insiders use accessed information contrary to the expectations of the owners of that data. The quagmire arises because the intrusiveness of cyber-security systems challenges policymakers and technology developers to balance security risk against privacy and civil liberties (Tene, 2014; Landau, 2014).
ECPA, Cybersecurity and its Applicability, and Compliance Support
The Electronic Communications Privacy Act (ECPA) is a U.S. statute that prohibits any intentional disclosure or interception of electronic communication by a third party without due authorization, and it was aimed at both government employees and private citizens (Electronic Privacy Information Center, n.d.). ECPA affects cybersecurity in two ways. Firstly, it is evident that cybersecurity tools intercept communications, especially those given by any party. Secondly, cybersecurity monitoring is at the core of security management; therefore, under ECPA exceptions, it is not unlawful for a service provider to intercept communications when doing so is relevant for monitoring purposes as part of its service provision. For example, my organization, Citi Bank, has outsourced a third-party security firm to help monitor cyber-attacks. Any information that the outsourced firm gets hold of cannot be shared with any other party, which supports ECPA compliance. As a CISO, it is my duty to ensure that this policy is complied with at all times, and it is my role to report any form of violation to the concerned authorities and to take relevant precautions to prevent it from happening.
FISA, Cybersecurity, Applicability and Compliance Support
The Foreign Intelligence Surveillance Act of 1978 (FISA) is a federal law enacted as a response to abuses of U.S. persons’ privacy rights by some sections of the national government (USLEGAL, n.d.). Currently, FISA affects cybersecurity by providing for electronic surveillance and the collection of foreign intelligence information. As CISO, I apply FISA in my organization, Citi Bank, through the continuous implementation of alertness that can lead to obtaining surveillance information about anticipated security threats to my organization’s security systems; having this information in advance will enable the organization to take relevant precautions. Internal organizational policies to support FISA compliance will entail submitting to government authorities information on matters likely to threaten national security so that they can act on the threats. Providing government security agencies with information that will protect the nation is both a patriotic gesture and an element of security awareness.
Additional Privacy Law, its Impact on Organization and Compliance Mechanisms
The Financial Information and Privacy Law (FIPL) is a law created to limit the transfer of customers’ personal financial information to other companies (Sidley, n.d.). As a banking institution, my organization ought to ensure that information is not shared without consent. Otherwise, when customers discover that their information has been shared with other parties, they can seek judicial intervention, which can be detrimental to the bank. Supporting compliance with this policy requires the bank to provide frequent information on the use and/or sharing of any customer information.
References
Electronic Privacy Information Center (n.d.). Electronic Communications Privacy. Retrieved from https://epic.org/privacy/ecpa/
Landau, S. (2014). Highlights from making sense of Snowden, part II: What’s significant in the NSA revelations. IEEE Secur. Priv. 12, 1, 62–64.
Sidley (n.d.). Financial Information Privacy Law. Retrieved from https://www.sidley.com/en/services/banking-and-financial-services/financial-information-and-privacy-law
Tene, O. (2014). A new harm matrix for cybersecurity surveillance. Colo. Tech. LJ 12, 391.
USLEGAL (n.d.). Foreign Surveillance Act (FISA) Law and Legal definition. Retrieved from https://definitions.uslegal.com/f/foreign-intelligence-surveillance-act-fisa/