The USA Freedom Act places new mandates on how corporations collect, process, and store data and at the same time allows investigators to use the tools that were already available under the USA Patriot Act to monitor the flow and retrieval of data.
U.S. law enforcement could use the USA Freedom Act on a U.S. based organization - like Microsoft, Google, Intel or Amazon, for example - to force its local subsidiary companies across the world into handing over user data to US authorities. At the same time this has put the onus on US corporations to comply with the mandates of the law.
EU data once may have 'had to stay in Europe', but this is on the most part untrue. The Safe Harbor framework, designed to protect EU data in the United States, protects merely the transfer of data from Europe to US soil. But as soon as it arrived on U.S. soil, Safe Harbor can be superseded by America's counter-terrorism law.
U.S. corporations survive by having subsidiary or smaller companies in foreign locations, to communicate and collaborate with their clients on the ground in their locale. These subsidiary companies are wholly owned and controlled by their U.S. parent. If a U.S. parent company receives a request from the US government to inspect data held by a subsidiary company in a foreign location, the subsidiary would therefore have no choice but to hand over the data to their US based parent.
As a result, universities, businesses and organizations which hold vast quantities of student and citizen data in the European cloud, are not protected against the US . counter-terrorism laws, which arguably infringe the freedoms and liberties of non-US citizens.
No company or organization can wholly guarantee that data in European data centers will under no circumstances leave European soil. Until a company comes forward and unequivocally states otherwise, then this series of posts stands true.
The USA Freedom Act Security Bundle contains the Security Manual Template, all of the procedures and electronic forms in the CIO Infrastructure policy bundle, 17 key security job descriptions and the Disaster Recovery Business Continuity Template.
The USA Freedom Act Security Bundle has been updated to reflect all of the legislation that has be enacted by the US Congress. Plus you have the option to order this bundle with 12 months of update service so that as interpretations of the law are made you will receive updates to the bundle as they are made.
Policies included in the USA Freedom Act Security Bundle are:
- Backup and Backup Retention Policy
- Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
- BYOD Policy Template (Includes electronic BYOD Access and Use Agreement Form)
- Incident Communication Plan Policy (Updated to include social networks as a communication path)
- Internet, e-mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (Includes 5 electronic forms to aid in the quick deployment of this policy)
- Mobile Device Access and Use Policy
- Patch Management Policy
- Outsourcing and Cloud Based File Sharing Policy
- Physical and Virtual Security Policy
- Record Classification, Management, Retention, and Destruction policy
- Sensitive Information Policy (HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
- Service Level Agreement (SLA) Policy Template with Metrics
- Social Networking Policy (includes electronic form)
- Telecommuting Policy (includes 3 electronic forms to help to effectively manage work at home staff)
- Text Messaging Sensitive and Confidential Information
- Travel and Off-Site Meeting Policy
- IT Infrastructure Electronic Forms
Table of Contents
The USA Freedom Act Security Bundle contains the tools you need to comply with the USA Freedom Act and to protect your most valuable assets. Each product comes in MS WORD format and the bundle contains:
- Security Manual Template is a complete Security Manual can be used in whole or in part to establish defined responsibilities, actions and procedures to manage the security of your infrastructure, computer systems, communication, Internet and network environment
- CIO IT Infrastructure Policy Bundle - USA Freedom Act compliant policies plus over 50 ready to use electronic forms
- Security Job Descriptions including Chief Compliance Officer (CCO); Chief Security Officer (CSO); VP Strategy and Architecture; Director e-Commerce; Database Administrator; Data Security Administrator; Manager Data Security; Manager Facilities and Equipment; Manager Network and Computing Services; Manager Network Services; Manager Training and Documentation; Manager Voice and Data Communication; Manager Wireless Systems; Network Security Analyst; System Administrator - Linux; System Administrator - Unix; and System Administrator - Windows
- Disaster Recovery Plan Template It is a complete DRP and can be used in whole or in part to establish defined responsibilities, actions and procedures to recover the computer, communication and network environment in the event of an unexpected and unscheduled interruption