Analyzing a Law


  • How an information security professional analyzes a law, using privacy laws as the running example

Determining Jurisdiction

  • First, determine the jurisdiction of the law
    • the geographic area to which the law applies
  • done by:
    • reading the law itself
    • assessing the power of the body that created the law
  • e.g., GDPR applies to the personal information of EU residents worldwide
    • even if data is stored in U.S., EU claims jurisdiction
  • the applicability of GDPR continues to evolve
    • a 2019 ruling by the European Court of Justice limited its applicability
    • the court ruled that the right to be forgotten applies only within the EU
    • Google LLC v. Commission nationale de l’informatique et de libertés
  • a court’s jurisdiction is defined by its power to render legal judgements, in terms of both subject matter and geographic authority
    • e.g., the Seventh Circuit Court of Appeals has authority over Indiana, Illinois, and Wisconsin

Scope and Application

  • Next, determine the scope and application of the law to your organization’s operations
  • e.g.,
    • FERPA applies to colleges and universities
    • HIPAA applies to medical providers