Abstract
Computer crimes have increased with the rising usage of computers and the internet in numerous economic sectors. These offenses range from identity theft, hacking, and cyberterrorism to cyberbullying. These crimes may cause severe damage in terms of money and reputation. Computer crime laws safeguard people, businesses, and governmental entities against cybercrime. Several laws, including HIPAA, Sarbanes-Oxley, COPPA, the California Database Security Breach Act, the Computer Security Act, the Privacy Act of 1974, UETA, ESIGN, and UCITA, play a crucial role in combating cybercrime by setting standards for data security, privacy, and electronic transactions. Each law has specific clauses that aid in prosecuting cybercriminals and holding them responsible for their acts. As technology develops, these rules must be updated to address new types of cybercrime, and new laws must be passed. It is crucial to ensure that these laws are upheld and that criminals are brought to justice to prevent others from engaging in cybercrime.
Introduction
Cybercrime is one of the new problems and challenges brought on by the development of technology. Laws and regulations to prevent and solve these concerns have been developed due to the impact of cybercrime on both enterprises and individuals. Computer crimes have increased with the rising usage of computers and the internet in numerous economic sectors. These offenses range from identity theft, hacking, and cyberterrorism to cyberbullying. These crimes may cause severe damage in terms of money and reputation. As a result, the government has passed several regulations to shield individuals and groups from such offenses. The Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act of 2002 (Sarbox), the Children’s Online Privacy Protection Act (COPPA), the California Database Security Breach Act of 2003, the Computer Security Act, the Privacy Act of 1974, the Uniform Electronic Transactions Act, the Electronic Signatures in Global and National Commerce Act, and the Uniform Computer Information Transactions Act will all be covered in this essay’s discussion of computer crime laws.
Each law will be covered in depth, with examples illustrating how it helps combat computer crime.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is a federal statute passed in 1996 to safeguard patient information by creating guidelines for its privacy and security. The legislation covers health plans, healthcare clearinghouses, and healthcare providers. HIPAA mandates that these organizations have policies and procedures to safeguard patient information and guarantee patients’ access to their medical records.
The 2015 Anthem data breach is among the most severe HIPAA infractions. One of the most significant health insurers in the country, Anthem, experienced a data breach that affected almost 80 million people. According to Banta (2019), phishing attacks gave hackers access to the company’s database, which led to the breach. The breach resulted in a $16 million settlement with the Office for Civil Rights (OCR), which enforces HIPAA. Anthem was required to pay the settlement sum and put in place a corrective action plan to strengthen its cybersecurity procedures.
Those who intentionally collect or divulge protected health information without authorization are likewise subject to HIPAA regulations. A nurse in New York was given a six-month prison term in 2014 for illegally accessing the medical information of her ex-boyfriend’s new girlfriend. The nurse was accused of violating HIPAA because she had no justification for accessing the files.
Sarbanes-Oxley Act of 2002 (Sarbox)
In response to early 2000s accounting disasters like Enron and WorldCom, Sarbox, also known as the Public Corporation Accounting Reform and Investor Protection Act, was passed. The law mandates that public corporations set up, maintain, and certify the correctness of their internal controls over financial reporting.
One of the most well-known Sarbox-related cases is that of Bernard Madoff, who ran a Ponzi scheme that cost investors billions of dollars. According to Gorshunov et al. (2020), Madoff was found to have committed several securities fraud offenses, including violations of Sarbox. He was given a 150-year prison term and ordered to compensate his victims.
Sarbox also created the Public Company Accounting Oversight Board (PCAOB) to regulate public company auditors. The PCAOB ensures compliance with Sarbox regulations through inspections and enforcement. In 2014, the PCAOB penalized a significant accounting firm for failing to follow Sarbox guidelines when auditing a public company. The firm consented to pay a $9.3 million penalty and implement corrective measures to enhance its auditing procedures.
Children’s Online Privacy Protection Act of 1998 (COPPA)
A federal regulation known as COPPA governs how websites and online services may collect and use the personal information of children under the age of 13. Before gathering or using personal information, including identity information and email accounts, from children under 13, these organizations are legally required to obtain parental consent.
The Federal Trade Commission (FTC) fined Musical.ly (now TikTok), a social media company, $5.7 million in 2018 for breaking COPPA regulations. Chander (2020) notes that, according to the FTC, the platform had collected personal data from children under 13 without getting permission from their parents. When parents asked the platform to delete their child’s personal information, it did not comply. Under the settlement, TikTok was compelled to implement a compliance program and pay the fine.
COPPA has also been used to prosecute individual software developers for breaking the law. In 2017, the FTC reached a settlement with an app developer whose kids’ game collected personal data without parental permission. The developer was forced to pay a $100,000 fine and delete the private data gathered without authorization.
California Database Security Breach Act of 2003
Businesses must inform people if their personal information has been accessed or obtained by an unauthorized person under the California Database Security Breach Act of 2003, often known as California’s breach notification law. Any company that owns or has a license to use California residents’ personal information is subject to the legislation.
The 2013 Target data breach is one of the significant cases under the California breach notification statute. Over 40 million credit and debit card numbers and about 70 million customers’ personal information were stolen due to the incident. Target was compelled to pay $18.5 million to resolve legal claims arising from the breach. Also, due to the hack, the corporation changed its cybersecurity procedures, and data security procedures at merchants came under more scrutiny.
Companies that fail to notify customers of data breaches are subject to penalties under the California breach notification statute. The California Attorney General settled with a medical information business in 2016 after it neglected to alert people to a data breach in 2011. Under the settlement, the business had to pay a $250,000 fine and put security measures in place to guard against further data breaches.
The Computer Security Act
To increase the security of government computer networks, the Computer Security Act was passed in 1987. The law mandates that government agencies put security policies in place to safeguard sensitive data and create security standards for computer systems.
The case of Bradley Manning, a former Army intelligence analyst who released sensitive information to WikiLeaks, is among the most important Computer Security Act cases. According to Lam (2019), several counts of breaking the Espionage Act, the Computer Fraud and Abuse Act, and the Computer Security Act were brought against Manning. Manning received a sentence of 35 years in jail, but President Obama later commuted the sentence.
The Computer Security Act has also been used to hold federal entities responsible for non-compliance with security mandates. Over 22 million people’s sensitive information, including Social Security numbers and information on security clearances, was stolen in a data breach at the Office of Personnel Management in 2015. The agency’s non-compliance with the Computer Security Act’s security regulations was blamed for the incident. The breach led the agency to change its cybersecurity procedures, and federal agencies’ cybersecurity procedures are now subject to further scrutiny.
The Privacy Act of 1974
The collection, use, and disclosure of personal information by federal agencies are governed by the Privacy Act of 1974. The legislation guarantees people the right to access and update their data and mandates that organizations keep accurate and comprehensive records.
According to Skowronski (2022), the case of Edward Snowden, a former National Security Agency (NSA) contractor who released sensitive information to the media, is one of the most important cases involving the Privacy Act. In addition to violating the Privacy Act, Snowden was accused of breaking the Espionage Act. After receiving asylum in Russia, Snowden has avoided prosecution in the US.
Moreover, the Privacy Act has been used to hold federal entities responsible for infringing people’s right to privacy. According to Chander (2020), in 2013, the Department of Justice settled with a woman wrongfully added to a federal watchlist as a terrorist. Under the settlement, the government had to remove the woman’s name from the watchlist and pay $225,000 in compensatory damages.
Uniform Electronic Transactions Act
A legal basis for the use of electronic signatures and records in commerce is provided by the Uniform Electronic Transactions Act (UETA). The law declares that electronic records and signatures are legitimate and enforceable under specific conditions.
According to Ferreira (2021), the case of Aetna, a health insurance provider that reached a settlement with the New York Attorney General in 2018 over a data breach, is one of the most important cases involving the UETA. Over 12,000 people’s HIV-related information was made public due to the incident. Aetna was ordered under the settlement to pay a $1.15 million fine and develop better data security procedures, such as encrypting sensitive data and routinely assessing its vulnerabilities. The incident demonstrated how crucial it is to guarantee that electronic documents are safe and secure.
In legal disputes, the UETA has also been used to prove the legitimacy of electronic signatures. In the case of In re TriZetto Group, Inc., the court determined that an electronic signature was legitimate under the UETA and could be used as evidence in a lawsuit. According to the ruling in the case, electronic signatures have the same level of legal significance as handwritten ones.
Electronic Signatures in Global and National Commerce Act
Federal legislation known as the Electronic Signatures in Global and National Commerce Act (ESIGN) establishes a legal framework for using electronic documents and signatures in commerce. The law declares that electronic records and signatures are legitimate and enforceable under specific conditions.
The case of E-Signature Technologies, LLC v. Barlow is one of the key ESIGN-related lawsuits. According to LoCascio (2022), in this instance, the court determined that an electronic signature met the requirements of the ESIGN and that the plaintiff was entitled to enforce the terms of an electronically signed contract. According to the ruling in the case, electronic signatures have the same level of legal significance as handwritten ones.
The ESIGN has also been used in several industries to facilitate electronic transactions. As an illustration, the real estate sector has depended increasingly on electronic signatures to speed up the purchase and sale of properties. Electronic signatures have also been used to simplify contract signing in the financial services sector and patient consent forms in the healthcare sector.
Uniform Computer Information Transactions Act
Some states have proposed the Uniform Computer Information Transactions Act (UCITA), a model law to establish a legal framework for computer information transactions. The goal of the law is to make participants in transactions involving computer information more aware of their legal rights and obligations.
According to Shafi et al. (2019), the ProCD, Inc. v. Zeidenberg case is among the key UCITA-related cases. In this instance, the court determined that the UCITA permitted enforcement of the provisions of a shrink-wrap license agreement. According to the case, the UCITA provides a legal framework for software licensing agreements and other business dealings involving computer information.
Consumer organizations have also opposed the UCITA, claiming it restricts consumer rights and gives software manufacturers too much power. As a result, some states have rejected the UCITA or changed it to offer more consumer safeguards.
Conclusion
These regulations are essential for avoiding and combating cybercrime, ensuring personal safety and privacy, and promoting internet commerce. It will be crucial to keep updating and strengthening existing laws as technology develops to address new risks and defend people and businesses from cybercrime.
Undoubtedly, as technology develops, new types of cybercrime arise. For the laws to stay practical and relevant, lawmakers must keep up with these changes. According to Gorshunov et al. (2020), it may be necessary to enact new laws and update current ones to handle developing problems like deepfake technology, which may be used to produce convincing but fake videos or pictures that can be used to spread misinformation or influence people.
Additionally, it is crucial to guarantee that these rules are applied and that offenders are made to answer for their acts. According to Banta (2019), the consequences of cybercrime must be severe enough to deter people from engaging in these activities, and law enforcement agencies must be appropriately trained and equipped to investigate and prosecute cybercrime. Campaigns for public education also help raise awareness of cyber threats and motivate people and organizations to take precautions.
In conclusion, computer crime laws are essential for combating cybercrime and safeguarding people, businesses, and government institutions from numerous cyber threats. These laws address several topics, including data protection, security, and online commerce. Although the legislation covered in this essay has significantly advanced the fight against cybercrime, more needs to be done. Legislators must keep up with technological developments, adopt new laws, and tweak existing ones to address new threats. Ensuring these laws are applied and offenders are made to answer for their acts is also crucial. These improvements can strengthen cybersecurity and shield people and businesses from the rising threat of cybercrime.
References
Banta, N. M. (2019). Electronic Wills and Digital Assets: Reassessing Formality in the Digital Age. Baylor L. Rev., 71, 547.
Chander, A., Kaminski, M. E., & McGeveran, W. (2020). Catalyzing privacy law. Minn. L. Rev., 105, 1733.
Ferreira, A. (2021). Regulating smart contracts: Legal revolution or simply evolution?. Telecommunications Policy, 45(2), 102081.
Gorshunov, M. A., Armenakis, A. A., Feild, H. S., & Vansant, B. (2020). The Sarbanes-Oxley Act of 2002: Relationship to magnitude of financial corruption and corrupt organizational cultures. Journal of Management, 21(2), 73.
Lam, J. S., Simpson, B. K., & Lau, F. H. (2019). Health Insurance Portability and Accountability Act non-compliance in patient photograph management in plastic surgery. Annals of Plastic Surgery, 82(5), 486-492.
LoCascio, D. (2022). Measuring the Effectiveness of the Cybersecurity and Infrastructure Security Act (CISA) of 2015 against the Russian-Ukraine Conflict (Doctoral dissertation, Utica University).
Shafi, A., Saeed, S., Bamarouf, Y. A., Iqbal, S. Z., Min-Allah, N., & Alqahtani, M. A. (2019). Student outcomes assessment methodology for ABET accreditation: A case study of computer science and computer information systems programs. IEEE Access, 7, 13653-13667.
Skowronski, D. S. (2022). COPPA and Educational Technologies: The Need for Additional Online Privacy Protections for Students. Georgia State University Law Review, 38(4), 12.