Introduction
The US federal government considers cybercrime one of the most critical threats to its security, alongside terrorism (Cowley, 2012). In fact, the government considers cyber attacks a threat to national security, which has prompted the enactment of a number of laws.
Since 1985, America has established several statutes with an aim of protecting the federal and state governments, organizations, and the public from effects of internal and external cyber-attacks (Cowley, 2012). Companies are required to comply with certain laws in order to ensure that their computer and communications systems do not provide cyber criminals with an easy target to execute their crimes.
Although there is no single law that describes the specific way in which corporations should implement cyber security measures, a number of laws seek to protect both the government and corporations from cybercrime. The purpose of this paper is to discuss legislation relevant to protecting corporations from cyber attacks, with special reference to an organization dealing with management of equity fixed-income property and allocation of asset funds.
In October 2012, the American government issued a warning to organizations that the country might experience what it calls a ‘cyber Pearl Harbor’ (Cowley, 2012). It warns that foreign computer hackers are likely to let loose chaos on America’s transportation system, information systems, power grid, and financial networks.
However, it considers cyber havoc as the most probable and dangerous effect because most organizations do not have sophisticated measures to protect their intellectual property from cyber attacks.
Acts Protect Equity and Assets From Cybercrime
The Federal Computer Fraud and Abuse Act 1984
The Federal Computer Fraud and Abuse Act 1984 is the first statute in the United States of America to protect intellectual property from theft and other forms of cybercrime. The statute was originally enacted with an aim of prosecuting hackers and those attempting to hack or attack computers and information systems in financial organizations or institutions of the federal government.
Both organizations and the public sector have used this act to prosecute people who hack into their information systems. However, there are disagreements in courts over the use of the statute, which implies that the legislation is not effective for the financial institution in question to protect its intellectual property from cyber attacks (Cowley, 2012).
Economic Espionage Act
Being a financial institution dealing with figures and facts as its main item of trade, the company under discussion is likely to apply the Economic Espionage Act to prosecute people who attempt to hack into its information system or pose a threat to its intellectual property.
This statute states that any act of theft, intentional receipt of trade secrets, or unauthorized copying of information or data is a crime that is punishable under the law. It aims at criminalizing the theft of trade secrets, which protects governments, agents, and financial organizations (Fischer, 2012).
The Digital Millennium Copyright Act
The Digital Millennium Copyright Act is a statute in the United States of America that seeks to protect the government and organizations from cyber attacks by prosecuting IP theft. The statute considers theft of computer and computer systems’ identity as a crime. It seeks to protect organizations from people who defraud them of their intellectual property by illegally stealing the identity of their computers, internet services, and other parts of the information system.
Wiretap Act
By enacting the Wiretap Act, the federal government of the US aims at protecting privacy in communications between people in and out of organizations. The act criminalizes and seeks to prosecute people and organizations that attempt to engage in acts such as the intentional or purposeful disclosure, interception, or use of the contents of any wire, electronic, or oral communication by means of a device (Cowley, 2012).
The term device includes such objects as the computer, the internet, telephone, radio, and other items of electronic communication. In addition, the act provides civil and criminal penalties for people who violate these regulations. However, it has a number of exceptions to when the violations are legal.
Electronic Communications Privacy Act
The Electronic Communications Privacy Act considers all writings, images, data, sound, transfer signals, and intelligence that are transmitted through wire, electromagnetic, radio, photo-optical or photoelectronic means as property that needs protection. The statute sets down a number of requirements for arrests and search warrants.
Stored Communications Act
The Stored Communications Act is the second title of the statute that seeks to protect communications held or in transit in electronic devices and channels such as the Internet and computers (Fischer, 2012).
The Electronic Communications Privacy Act of 1986
The Electronic Communications Privacy Act of 1986 is a federal statute in the United States of America that seeks to protect companies and public institutions from unauthorized access of government or corporation electronic communications. In fact, this statute is an extension of the Omnibus Crime Control and Safe Act of 1986 (Tunstall, 2011).
Conclusion
With respect to the above statutes, the company is obliged to comply with reporting regulations after it suffers a cyber attack or breach of its data. For instance, the SEC is involved in developing and publishing detailed guidelines that institutions need to follow when reporting events of cybercrime or breach of data.
They also need to use these guidelines when disclosing information related to these events in case the attacks are likely to cause some effect on their data, clients, liquidity, losses, and business operations (Cowley, 2012). According to the regulations, disclosures must have specific content and be written in plain English (Tunstall, 2011). Cybercrime disclosures are alarmingly infrequent in the United States, but it is important that the company comply with these rules and regulations (Kayman & Elbaum, 2012).
The law requires the company to comply with these laws in order to guarantee the customers, the public, and other organizations a reasonable degree of security for their information. However, the size of the company, the industry to which it belongs, and the type of business it conducts determine how the company will comply with the law.
There are minimum legal requirements the company must fulfill in order to provide maximum security for the information that it values as its assets. For example, it is mandatory for the company to be registered as a private company, a public liability company or a corporation. Secondly, the company must provide information regarding its size, value, and nature of data as well as the number of customers it deals with.
Moreover, it is necessary for the company to ensure that customers are able to access their data while providing security so that the data is protected from cybercriminals. Finally, it is necessary for the company to comply with the regulations on disclosure of information on cyber attacks to the relevant authorities, the prosecution, and the courts if the offenders are brought to court for an offense related to crimes against the company’s intellectual property (Tunstall, 2011).
References
Cowley, S. (2012). FBI Director: Cybercrime Will Eclipse Terrorism. Web.
Fischer, E. A. (2012). Federal laws relating to cybersecurity: discussion of proposed law revisions. Congressional Research Service. Web.
Kayman, S., & Elbaum, L. (2012). Ninth Circuit Fuels Employee Misappropriation Debate. New York Law Journal 2(3), 15-16.
Tunstall, M. K. (2011). Reporting Cyber Attacks and Data Security Breaches – Guidance from the SEC. New York: SEC.