United States laws - Cybersecurity:
The federal laws below are related to Cybersecurity and are provided as text and / or links, with a brief summary.
- BSA – Bank Secrecy Act of 1970, Pub. L. No. 91-508
- CCPA – Consumer Credit Protection Act of 1968, Pub. L. No. 90-231
- CFAA – Computer Fraud and Abuse Act of 1986, Pub. L. No. 99-474
- CMPPA – Computer Matching and Privacy Protection Act of 1988, Pub. L. No. 100-503
- CSA – Computer Security Act of 1987, Pub. L. No. 100-235
- ECPA – Electronic Communications Privacy Act of 1986, Pub. L. No. 99-508
- EFTA – Electronic Funds Transfer Act of 1978, Pub. L. No. 95-630
- FACTA – Fair and Accurate Credit Transactions Act of 2003, Pub. L. No. 108-159
- FCRA – Fair Credit Reporting Act amendment of 2003, Pub. L. No. 108-159
- FDCPA – Fair Debt Collection Practices Act of 1977, Pub. L. No. 95-109
- FISA – Foreign Intelligence Surveillance Act of 1978, Pub. L. No. 95-511
- FTC – Federal Trade Commission Act Sec 5, Pub. L. No. 103-312
- GLBA – Gramm-Leach-Bliley Act of 1999, Pub. L. No. 106-102
- HIPAA – Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191
- TCPA – Telephone Consumer Protection Act of 1991, Pub. L. No. 102-243
- TILA – The Truth in Lending Act of 1968, Pub. L. No. 90-321
- USA PATRIOT Act of 2002, Pub. L. No. 107-56
BSA – Bank Secrecy Act of 1970, Pub. L. No. 91-508
The BSA amended the Federal Deposit Insurance Act of 1950 to require maintenance of certain records and reporting to the Treasury Department. Title III of the USA PATRIOT Act of 2001 amended the BSA with anti-money laundering reporting requirements.
Title III of the USA PATRIOT Act, titled the “International Money Laundering Abatement and Financial Anti-Terrorism Act of 2001,” was enacted to prevent and prosecute international money laundering which is key to financing terrorism. Title III amended the Money Laundering Control Act of 1986 as well as the BSA. Title III strengthened the banking rules against money laundering, improved communication between law enforcement agencies and financial institutions, enlarged oversight of currency smuggling and counterfeiting, and significantly increased the maximum penalty for currency counterfeiting.
The BSA was enacted as United States Public Law 91-508, became effective on October 26, 1970; compiled at 84 Stat. 1118; and it amended Title 12 Banks and Banking, and Title 15 Commerce and Trade. Also see below for statutes amended by the USA PATRIOT Act and its sequelae.
CCPA – Consumer Credit Protection Act of 1968, Pub. L. No. 90-231
The Consumer Credit Protection Act was enacted to safeguard the consumer in connection with the utilization of credit by requiring full disclosure of the terms and conditions of finance charges in credit transactions or in offers to extend credit; by restricting the garnishment of wages; and by creating the National Commission on Consumer Finance to study and make recommendations on the need for further regulation of the consumer finance industry.
The CCPA was enacted as United States Public Law 90-231, on May 29, 1968; compiled at 82 Stat. 146; and codified at ;
CFAA – Computer Fraud and Abuse Act of 1986, Pub. L. No. 99-474
The Computer Fraud and Abuse Act of 1986 was enacted as an amendment to the existing computer fraud statute included in the Comprehensive Crime Control Act of 1984 at 18 USC 1030 et seq. It comprises the federal computer security statutes that specify computer fraud and abuse to federal computers, and those in which there is a federal interest, such as banking computers, and computers used in interstate and foreign commerce. Over the last 30 years the Congress has amended the statute using the Identity Theft Enforcement and Restitution Act of 2008, and the USA Patriot Act of 2001. in response to advances in technology that have spawned greater and more frequent attacks on the public and private sectors. It is frequently relied upon by the US Department of Justice.
The CFAA was enacted as United States Public Law 99-474, on October 16, 1986; compiled at 100 Stat. 1213; and codified at 18 USC 1030 et seq.
CMPPA – Computer Matching and Privacy Protection Act of 1988, Pub. L. No. 100-503
The CMPPA was enacted to amend Title 5 of the United States Code, to ensure privacy, integrity, and verification of data disclosed for computer matching, to establish Data Integrity Boards within Federal Agencies, and for other purposes. Used by Federal agencies.
The CMPPA was originally enacted as United States Public Law 100-503 on October 18, 1988, compiled at 102 Stat. 2507; and codified at 5 USC 552a et seq.
CSA – Computer Security Act of 1987, Pub. L. No. 100-235
The CSA is an Act to provide for a computer standards program within the National Bureau of Standards, to provide government-wide computer security, and to provide for the training in security matters of persons who are involved in the management, operation, and use of Federal computer systems, and for other purposes.
The CSA was originally enacted as United States Public Law 100-235 on January 8, 1988, compiled at 101 Stat. 1724; and codified at 15 USC 272 et seq.
ECPA – Electronic Communications Privacy Act of 1986, Pub. L. No. 99-508
The ECPA is known informally as, “The Wiretap Act”, and many states have similar statutes. The Act amended Title 18, United States Code, with respect to the interception of certain communications, other forms of surveillance, and for other purposes. Plus, at 18 USC 2520(a)-(b), the Act provides for a private right of action with equitable relief, punitive damages, attorney fees and costs.
The ECPA was enacted as United States Public Law 99-508, on October 21, 1986; compiled at 100 Stat. 1848-1873; and codified at 18 USC 2510 et seq.
EFTA – Electronic Funds Transfer Act of 1978, Pub. L. No. 95-630
The EFTA was enacted to define the rights and liabilities of consumers and financial institutions regarding lost or stolen credit cards, unauthorized withdrawals etc where the funds are electronical transferred.
The EFTA was enacted as United States Public Law 95-630; compiled at 92 Stat 3641; and it amended Title 12 Banks and Banking, and Title 15 Commerce and Trade.
FACTA – Fair and Accurate Credit Transactions Act of 2003, Pub. L. No. 108-159
FACTA was enacted to amend the Fair Credit Reporting Act, to prevent identity theft, improve resolution of consumer disputes, improve the accuracy of consumer records, make improvements in the use of, and consumer access to, credit information, and for other purposes. It was added, primarily, to protect consumers from identity theft. See 15 USC § 1601-1681.
FACTA was enacted as United States Public Law 108-159, on December 4, 2003; compiled at 117 Stat. 1952-2012; and codified at 15 USC 1601 et seq.
FCRA – Fair Credit Reporting Act amendment of 2003, Pub. L. No. 108-159
FCRA was enacted to promote the accuracy, fairness, and privacy of consumer information contained in the files of consumer reporting agencies. This title [enacting subchapter III] may be cited as the ‘Fair Credit Reporting Act.”.
FCRA was enacted in section 601 of title VI of Pub. L. 90–321, as added by Pub. L. 91–508; title VI, §601, Oct. 26, 1970, 84 Stat. 1128 , as amended by Pub. L. 108–159, title VIII, §811(a), Dec. 4, 2003, compiled at 117 Stat. 2011, and codified at 18 USC 1681.
FDCPA – Fair Debt Collection Practices Act of 1977, Pub. L. No. 95-109
The FDCPA was enacted to amend the Consumer Credit Protection Act to prevent abusive practices by debt collectors. This Title may be cited as the Fair Debt Collection Practices Act. 15 USC 1692. The Federal Trade Commission (FTC), the nation’s consumer protection agency, enforces the FDCPA, which prohibits debt collectors from using abusive, unfair or deceptive practices to collect from you. 15 USC § 1601-1692
The FDCPA was enacted as United States Public Law 90-321, and Title VIII §802 was added in Public Law 95-109, September 20, 1977; compiled at 91 Stat. 874; and codified at 15 USC 1692 et seq.
FISA – Foreign Intelligence Surveillance Act of 1978, Pub. L. No. 95-511
FISA was enacted to establish procedures for the physical and electronic surveillance and collection of “foreign intelligence information” between “foreign powers” and “agents of foreign powers” suspected of espionage or terrorism. The Act created the Foreign Intelligence Surveillance Court (FISC) to oversee requests for surveillance warrants by federal law enforcement and intelligence agencies. This Act may be cited as the Foreign Intelligence Surveillance Act of 1978. It has been repeatedly amended since the September 11, 2001, attacks on the United States.
FISA was enacted as United States Public Law 95-511 on October 25, 1978; compiled at 92 Stat. 1783; and codified at 50 USC 1801.
FTC – Federal Trade Commission Act Sec 5, Pub. L. No. 103-312
The FTC Act (15 USC §45) was amended with Section 5 to prohibit “unfair or deceptive acts or practices in or affecting commerce.” The FTC Act was originally enacted as United States Public Law 95-511 on September 26, 1914, compiled at 38 Stat. 717; and codified at 15 USC 58 et seq.
FTC Section 5 added by United States Public Law 103-312 on August 6, 1994; compiled at 108 Stat. 1692; and codified at 15 USC 58 to include Section 5, Unfair and Deceptive Practices.
GLBA – Gramm-Leach-Bliley Act of 1999, Pub. L. No. 106-102
The GLBA, Gramm-Leach-Bliley Act, also known as the Financial Modernization Act of 1999, repealed the Glass-Steagall Act of 1933, and was enacted to control what financial institutions can do with the private information of individuals. The three primary sections of the Act: The Financial Privacy Rule for collection and disclosure of private financial information (15 USC §§6801-6809); The Safeguards Rule which requires financial institutions to implement security to protect the private information (15 USC §§6801-6809); and The Pretexting Rules, which prohibit the practice of pretexting, or accessing private information using false pretenses (15 USC §§6821-6827). The Act also requires financial institutions to devise written privacy notices regarding information-sharing practices.
The GLBA was enacted as United States Public Law 106-102, compiled at 113 Stat. 1338, and it amended Title 12 Banks and Banking, and Title 15 Commerce and Trade.
HIPAA – Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191
Title I of HIPAA regulated individual and group health insurance plans. It amended the Employee Retirement Income Security Act, the Public Health Service Act, and the Internal Revenue Code.
Title II of HIPAA provided for the privacy and the security of health information, control of fraud and abuse in the health care system, revised medical liability and simplified administration.
Title III standardized amounts that could be set aside in Medical Savings Accounts.
Title IV includes provisions for health plans and pre-existing conditions, continuation coverage and COBRA amendments.
Title V includes provisions for life insurance tax deductions and the liabilities of expatriation. See the Quarterly Publication of Individuals Who Have Chosen to Expatriate.
The HIPAA was originally enacted as United States Public Law 104-191 on August 21, 1986; compiled as 110 Stat. 1936; and codified at 47 USC 227 et seq.
TCPA – Telephone Consumer Protection Act of 1991, Pub. L. No. 102-243
The TCPA was enacted to amend the Communications Act of 1934 to prohibit certain practices involving the use of telephone equipment. It is cited as the Telephone Consumer Protection Act of 1991. The TCPA restricts telephone solicitations (i.e., telemarketing) and the use of automated telephone equipment. The TCPA limits the use of automatic dialing systems, artificial or prerecorded voice messages, SMS text messages, and fax machines.
The TCPA was originally enacted as United States Public Law 102-243 on December 20, 1991; compiled as 105 Stat. 2394; and codified at 47 USC 227 et seq.
TILA – The Truth in Lending Act of 1968, Pub. L. No. 90-321
TILA was enacted to promote the informed use of consumer credit, by requiring disclosures about the terms and costs, and to standardize the manner in which costs associated with borrowing are calculated and disclosed.
TILA amendments were enacted as United States Public Law 104-29 on September 30, 1995; compiled at 109 Stat. 271; and codified at 15 USC 1601 et seq.
USA Patriot Act of 2001, Pub. L. No. 107-56
The USA PATRIOT Act expanded reads, Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism.
It initially amended the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, Foreign Intelligence Surveillance Act, Family Education Rights and Privacy Act, Money Laundering Control Act, Bank Secrecy Act, Right to Financial Privacy Act, Fair Credit Reporting Act, Immigration and Nationality Act, Victims of Crime Act, Telemarketing and Consumer Fraud and Abuse Prevention Act.
Title III of the USA PATRIOT Act, titled the “International Money Laundering Abatement and Financial Anti-Terrorism Act of 2001,” was enacted to prevent and prosecute international money laundering which is key to financing terrorism. Title IIII amended the Money Laundering Control Act of 1986 as well as the Bank Secrecy Act of 1970. Title III strengthened the banking rules against money laundering, improved communication between law enforcement agencies and financial institutions, enlarged oversight of currency smuggling and counterfeiting, and significantly increased the maximum penalty for currency counterfeiting.
USA PATRIOT Act was enacted as United States Public Law 107-56 effective on October 26, 2001; compiled at 115 Stat. 272; it amended at least 10 Titles, 8, 12, 15, 18, 20, 31, 42, 47, 49 and 50. The law has been amended several times and various provisions have expired or been reenacted.