Abstract
The General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) are meant to secure our data, but sometimes it feels as if organizations don’t do enough to secure and protect our data and privacy. Some of the things organizations do to improve security may even sound counterintuitive, like hiring ethical hackers or penetration testers. This research looks at the effects that both the GDPR and HIPAA have had on the cybersecurity practices and policies of organizations. This paper aims to analyze the effects of both the GDPR and HIPAA, answer whether ethical hacking is justified, analyze the legal and ethical impacts of cyber operations, and answer how to balance security, surveillance, and corporate responsibility. Data was gathered through articles and publications about the topic. Analysis of the data found that the GDPR is strong and has had a global influence, while HIPAA is weaker and didn’t have strict enough enforcement mechanisms. It also found that ethical hacking is justified, that there should be an independent ethical review mechanism as well as an international treaty on cyber operations, and that government surveillance should only be done in areas with lots of terrorist activity.
Faculty Advisor/Mentor
Jonathan S. Takeshita
Document Type
Paper
Disciplines
Computer Law
DOI
10.25776/napx-4c91
The Legal and Ethical Impacts of Cybersecurity Practices on Privacy and Digital Rights