Page 286 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 286
the parents of minor students. Specific FERPA protections include the
following:
Parents/students have the right to inspect any educational records
maintained by the institution on the student.
Parents/students have the right to request correction of records
they think are erroneous and the right to include a statement in the
records contesting anything that is not corrected.
Schools may not release personal information from student records
without written consent, except under certain circumstances.
Identity Theft and Assumption Deterrence Act In 1998, the
president signed the Identity Theft and Assumption Deterrence Act
into law. In the past, the only legal victims of identity theft were the
creditors who were defrauded. This act makes identity theft a crime
against the person whose identity was stolen and provides severe
criminal penalties (up to a 15-year prison term and/or a $250,000
fine) for anyone found guilty of violating this law.
Privacy in the Workplace
One of the authors of this book had an interesting conversation
with a relative who works in an office environment. At a family
Christmas party, the author’s relative casually mentioned a story
he had read online about a local company that had fired several
employees for abusing their internet privileges. He was shocked
and couldn’t believe that a company would violate their employees’
right to privacy.
As you’ve read in this chapter, the U.S. court system has long
upheld the traditional right to privacy as an extension of basic
constitutional rights. However, the courts have maintained that a
key element of this right is that privacy should be guaranteed only
when there is a “reasonable expectation of privacy.” For example, if
you mail a letter to someone in a sealed envelope, you may
reasonably expect that it will be delivered without being read along
