
Legal and Regulatory Requirements for Electronic Records

Protection of data from abuse, exposure and unauthorized access.


- Firms face new legal obligations for electronic records management and document
retention as well as for privacy protection.
- Electronic records management (ERM) consists of policies, procedures and tools for managing the retention,
distribution and storage of electronic records.

Laws:
1. HIPAA (the Health Insurance Portability and Accountability Act 1996)
2. Gramm-Leach-Bliley Act 1999
3. Sarbanes-Oxley Act 2002

Electronic Evidence and Computer Forensics


- Information from printed or typewritten material, computer data stored on portable floppy
disks, CDs, external drives and computer hard disks, e-mail, instant messages and
e-commerce transactions over the Internet are examples of electronic evidence.
- Computer forensics is the scientific collection, examination, authentication,
preservation and analysis of data held on or retrieved from computer storage media in
such a way that the information can be used as evidence in a court of law.

It deals with the following problems:

- Recovering data from computers while preserving evidential integrity.
- Securely storing and handling recovered electronic data.
- Finding significant information in a large volume of electronic data.
- Presenting the information to a court of law.

7.6 Risk Assessment


- Before an organization commits resources to control, it must know which assets
require protection and which assets are vulnerable.
