SaaS Security Issues and How to Address Them

References:

US on European rules – http://export.gov/safeharbor/eu/eg_main_018493.asp

EU Data Protection Video – http://www.youtube.com/watch?v=3HwMgE3zPIE

EU Data Protection – http://ec.europa.eu/justice/data-protection/index_en.htm

Definitions: http://en.wikipedia.org/wiki/Information_security

Confidentiality

Confidentiality is the property that information is not disclosed to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the card number to be transmitted from the buyer to the merchant and from the merchant to a transaction-processing network. The system enforces confidentiality by encrypting the card number in transit, by limiting the places where it may appear (databases, log files, backups, printed receipts and so on), and by restricting access to the places where it is stored. If an unauthorized party obtains the card number by any means, confidentiality has been breached.
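
"Limiting the places where it might appear" is the control that is most often missed in practice: the card number leaks into application logs, and logs are copied to places with far weaker access control than the payment database. The following is an added example, not code from the original page, showing a log-sanitising filter in Go. It assumes a constructed pair of log lines and the widely used test card number 4111 1111 1111 1111; the Luhn check is used so that order ids and other long numbers are not masked by mistake.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// candidate matches runs of 13 to 19 digits, optionally separated by single
// spaces or dashes, which is how card numbers usually appear in free text.
var candidate = regexp.MustCompile(`\b(?:\d[ -]?){12,18}\d\b`)

// luhnValid reports whether a digit string passes the Luhn check that all
// payment card numbers satisfy. It filters out order ids, timestamps and
// other long numbers so they are not masked by mistake.
func luhnValid(digits string) bool {
	sum := 0
	double := false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// RedactPANs replaces every plausible card number in line with a mask that
// keeps only the last four digits, the form usually permitted on receipts
// and in logs.
func RedactPANs(line string) string {
	return candidate.ReplaceAllStringFunc(line, func(m string) string {
		digits := strings.NewReplacer(" ", "", "-", "").Replace(m)
		if len(digits) < 13 || len(digits) > 19 || !luhnValid(digits) {
			return m // not a card number: leave the text untouched
		}
		return strings.Repeat("*", len(digits)-4) + digits[len(digits)-4:]
	})
}

func main() {
	// Constructed log lines; 4111 1111 1111 1111 is a well-known test card number.
	lines := []string{
		"2024-01-05T10:02:11Z INFO charge ok card=4111111111111111 order=1234567890123456",
		"2024-01-05T10:02:12Z DEBUG gateway payload: pan 4111-1111-1111-1111 amount=19.99",
	}
	for _, l := range lines {
		fmt.Println(RedactPANs(l))
	}
}
```

Run this as the last step before a log line leaves the process, not as a scrub job over files already written, because by then the unmasked copy may already be in a backup or a log-shipping pipeline. The Luhn check is a plausibility filter, not proof: a 16-digit order id that happens to pass Luhn will be masked too, which is the safer failure.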

Confidentiality is necessary, but not sufficient, for protecting the privacy of the people whose personal information a system holds.

Integrity

In information security, integrity means that data cannot be modified without the modification being detected. This is not the same as referential integrity in databases, although it can be viewed as a special case of consistency in the classic ACID model of transaction processing. Integrity is violated when a message is actively modified in transit. Information security systems therefore typically provide message integrity alongside data confidentiality.
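
The standard way to make in-transit modification detectable is to send a message authentication code with the message, keyed with a secret the attacker does not hold. The following is an added example, not code from the original page: an HMAC-SHA256 envelope in Go with a constructed order message and an assumed shared key. A plain hash would not do here, since an attacker who changes the message can simply recompute the hash.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Tag computes an HMAC-SHA256 tag over msg under key. Unlike a bare hash,
// an attacker who changes msg cannot recompute the tag without the key.
func Tag(key, msg []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

// Verify recomputes the tag and compares in constant time, so the comparison
// itself does not leak how many leading bytes of a guessed tag were correct.
func Verify(key, msg, tag []byte) bool {
	return hmac.Equal(Tag(key, msg), tag)
}

// Seal packages a message for transit as "<hex tag>.<message>".
func Seal(key []byte, msg string) string {
	return hex.EncodeToString(Tag(key, []byte(msg))) + "." + msg
}

// Open splits an envelope produced by Seal and returns the message only if
// its tag verifies. A tampered message or a tag under another key fails.
func Open(key []byte, envelope string) (string, bool) {
	parts := strings.SplitN(envelope, ".", 2) // hex contains no '.', so the first one delimits
	if len(parts) != 2 {
		return "", false
	}
	tag, err := hex.DecodeString(parts[0])
	if err != nil || !Verify(key, []byte(parts[1]), tag) {
		return "", false
	}
	return parts[1], true
}

func main() {
	key := []byte("constructed-demo-key-do-not-reuse") // assumed shared secret
	env := Seal(key, `{"order":42,"amount":"19.99"}`)   // constructed message
	fmt.Println("sent:", env)

	// An attacker flips the amount in transit but cannot fix the tag.
	tampered := strings.Replace(env, `"19.99"`, `"1.99"`, 1)
	_, ok := Open(key, tampered)
	fmt.Println("tampered accepted:", ok)

	msg, ok := Open(key, env)
	fmt.Println("genuine accepted:", ok, msg)
}
```

Two caveats a practitioner should carry over: the tag covers only the bytes it is computed over, so anything the receiver acts on (recipient, sequence number, timestamp) must be inside the message; and because both ends hold the same key, a tag proves integrity but not which of the two parties produced it.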

Availability

For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must all be functioning correctly. High-availability systems aim to remain available at all times, preventing service disruptions due to power outages, hardware failures and system upgrades. Ensuring availability also involves defending against denial-of-service attacks.
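
One concrete defence against a single client exhausting a shared service is to rate-limit each client with a token bucket, so a short burst is tolerated but a sustained flood is refused before it reaches the expensive part of the request path. The following is an added example, not code from the original page, with constructed client identifiers and a fixed base time so the behaviour is deterministic.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

type bucket struct {
	tokens float64
	last   time.Time
}

// Limiter keeps one token bucket per client. Each request costs one token;
// buckets refill at rate tokens per second up to capacity, so a client can
// burst briefly but cannot sustain more than rate requests per second.
type Limiter struct {
	mu       sync.Mutex
	capacity float64
	rate     float64
	buckets  map[string]*bucket
}

func NewLimiter(capacity, rate float64) *Limiter {
	return &Limiter{capacity: capacity, rate: rate, buckets: map[string]*bucket{}}
}

// Allow reports whether client may proceed at time now. The time is passed
// in rather than read from the clock so the logic can be tested exactly.
func (l *Limiter) Allow(client string, now time.Time) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	b, ok := l.buckets[client]
	if !ok {
		b = &bucket{tokens: l.capacity, last: now}
		l.buckets[client] = b
	}
	// Credit tokens for the time elapsed since the last request, capped at
	// capacity; a clock that steps backwards must not drain the bucket.
	elapsed := now.Sub(b.last).Seconds()
	if elapsed < 0 {
		elapsed = 0
	}
	b.tokens += elapsed * l.rate
	if b.tokens > l.capacity {
		b.tokens = l.capacity
	}
	b.last = now
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

func main() {
	l := NewLimiter(3, 1) // burst of 3, then one request per second
	t0 := time.Unix(1700000000, 0)
	for i := 0; i < 5; i++ {
		fmt.Printf("tenant-a request %d at t0: allowed=%v\n", i+1, l.Allow("tenant-a", t0))
	}
	fmt.Printf("tenant-a request at t0+1s: allowed=%v\n", l.Allow("tenant-a", t0.Add(time.Second)))
	fmt.Printf("tenant-b request at t0: allowed=%v\n", l.Allow("tenant-b", t0))
}
```

Key the bucket on something the attacker cannot vary cheaply (an authenticated tenant or API key rather than a source address, which is spoofable or shared behind NAT), and evict idle buckets: a map that grows with every new client identifier is itself a memory exhaustion target.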

Authenticity

In computing, e-business and information security, authenticity means that data, transactions, communications or documents (electronic or physical) are genuine, and that each party to a transaction is who it claims to be.

Non-repudiation

In law, non-repudiation implies a party's intention to fulfil its obligations under a contract. It also implies that one party to a transaction cannot deny having received it, nor can the other party deny having sent it.

Electronic commerce uses technology such as digital signatures and public-key cryptography to establish authenticity and non-repudiation.
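
The two-sided property described above (the sender cannot deny sending, the receiver cannot deny receiving) follows from each party signing with a key only it holds. The following is an added example, not code from the original page, covering both the Authenticity and Non-repudiation sections: an Ed25519 exchange in Go in which the buyer signs an order and the merchant counter-signs a receipt over the order and the buyer's signature. Key pairs are generated on the fly and the order record is constructed; a real deployment would bind each public key to an identity (for example with a certificate) and include a timestamp in the signed data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedOrder is what the buyer sends: the order bytes and the buyer's
// signature over them. Only the holder of the buyer's private key can
// produce the signature, so the buyer cannot later deny having sent it.
type SignedOrder struct {
	Order    []byte
	BuyerSig []byte
}

// Receipt is what the merchant returns. The merchant signs the order
// together with the buyer's signature, so the merchant cannot later deny
// having received that exact signed order.
type Receipt struct {
	SignedOrder
	MerchantSig []byte
}

// receiptBody is the byte string the merchant signs. BuyerSig is a fixed
// 64 bytes, so appending it after the variable-length order is unambiguous.
func receiptBody(so SignedOrder) []byte {
	body := append([]byte("receipt:"), so.Order...)
	return append(body, so.BuyerSig...)
}

func PlaceOrder(buyerPriv ed25519.PrivateKey, order []byte) SignedOrder {
	return SignedOrder{Order: order, BuyerSig: ed25519.Sign(buyerPriv, order)}
}

// AcceptOrder verifies the buyer's signature before counter-signing; an
// order whose bytes or signature were altered in transit is rejected.
func AcceptOrder(merchantPriv ed25519.PrivateKey, buyerPub ed25519.PublicKey, so SignedOrder) (Receipt, bool) {
	if !ed25519.Verify(buyerPub, so.Order, so.BuyerSig) {
		return Receipt{}, false
	}
	return Receipt{SignedOrder: so, MerchantSig: ed25519.Sign(merchantPriv, receiptBody(so))}, true
}

// VerifyReceipt is what a third party (an auditor, a court) can run later
// with only the two public keys: it needs no secret from either side.
func VerifyReceipt(merchantPub, buyerPub ed25519.PublicKey, r Receipt) bool {
	return ed25519.Verify(buyerPub, r.Order, r.BuyerSig) &&
		ed25519.Verify(merchantPub, receiptBody(r.SignedOrder), r.MerchantSig)
}

func main() {
	buyerPub, buyerPriv, _ := ed25519.GenerateKey(rand.Reader)
	merchantPub, merchantPriv, _ := ed25519.GenerateKey(rand.Reader)

	order := []byte("order=1001;item=sku-42;amount=19.99") // constructed order record
	so := PlaceOrder(buyerPriv, order)
	receipt, ok := AcceptOrder(merchantPriv, buyerPub, so)
	fmt.Println("order accepted:", ok)
	fmt.Println("receipt verifies for an auditor:", VerifyReceipt(merchantPub, buyerPub, receipt))

	// Someone alters the amount after signing: the buyer's signature no longer matches.
	forged := so
	forged.Order = []byte("order=1001;item=sku-42;amount=1999.99")
	_, ok = AcceptOrder(merchantPriv, buyerPub, forged)
	fmt.Println("forged order accepted:", ok)
}
```

The contrast with a shared-key MAC is the point: an HMAC tag proves the message was produced by someone holding the key, but both buyer and merchant hold it, so either could have produced the tag and neither is bound. A signature can be checked by anyone with the public key and can only have been produced by the private key's holder, which is what lets a third party settle a dispute.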