The Securities and Exchange Commission (SEC) is a federal agency. It is charged with regulating the securities industry, which includes all sales or trades of securities. Securities include stocks, bonds, and options.

If a company is involved with the sale or trade of securities, then IT security personnel should be aware of these laws:

• Securities Act of 1933
• Securities Exchange Act of 1934
• Trust Indenture Act of 1939
• Investment Company Act of 1940
• Investment Advisors Act of 1940
• Sarbanes-Oxley Act of 2002
• Dodd-Frank Act of 2010

Many of these laws also apply if the company is a publicly traded company, which is any company that has stock that outside investors can buy and sell.

The Federal Deposit Insurance Corporation (FDIC) is a federal agency created in 1933. The primary goal is to promote confidence in U.S. banks. The FDIC was created as a direct result of the bank failures that occurred in the 1920s and early 1930s, which led to the Great Depression.

Funds in all banks insured by the FDIC are guaranteed, meaning depositors will not lose their money, even if the bank goes bankrupt. The purpose is to prevent a run on a bank, which is when many depositors rush to withdraw their money.

Currently, funds for individual depositors are insured up to $250,000. The National Credit Union Administration (NCUA) covers credit unions, and it also insures deposits up to $250,000.

The Department of Homeland Security (DHS) is a federal agency. It is responsible for protecting the United States from terrorist attacks and is charged with responding to natural disasters.

The DHS was formed in 2002 as a direct response to the terrorist attacks of September 11, 2001. It includes several divisions that are related to IT, which include:

• Office of Cybersecurity and Communications
• National Cybersecurity and Communications Integration Center (NCCIC)
• United States Computer Emergency Readiness Team (US-CERT)

The Federal Trade Commission (FTC) is a federal agency. It was created in 1914, with the primary goal being to promote consumer protection, but that goal has changed over the years.

When the FTC was first created, its primary goal was to prevent unfair methods of competition. At that time, there were many special trusts in existence. These trusts were often engaged in anticompetitive practices, such as:

• Business monopolies
• Restraining trade
• Fixing prices

The creation of the FTC was one of many steps taken to “bust the trusts.” Over the years, Congress has passed several consumer protection laws that the FTC enforces. These laws grant the FTC authority to address consumer protection and unfair competition issues.

At this point, the original trusts are gone. However, the FTC is still in existence, and the focus has shifted to promote consumer protection.

FIGURE 3-2 shows the hierarchy of the FTC. As indicated in the figure, the FTC has three primary bureaus. These bureaus perform the following actions:

• Bureau of Consumer Protection—This bureau tries to protect consumers against unfair, deceptive, or fraudulent practices. The bureau enforces many consumer protection laws and trade regulation rules.
• Bureau of Competition—This bureau is the FTC’s antitrust arm. It seeks to prevent anticompetitive actions. These actions include anticompetitive mergers and anticompetitive business practices.
• Bureau of Economics—This bureau helps the FTC evaluate the economic impact of FTC actions. It provides economic analysis for different investigations and evaluates the economic impact of government regulations.

The FTC also has several supporting offices that perform additional work in support of the FTC.

Every state has a state attorney general (AG). The AG is the primary legal advisor for the state, and, for many states, the AG is also the chief law enforcement officer. Although all states have an AG, the specific responsibilities can vary from state to state. For example, in some states, the AG is tasked with specific IT issues, such as preventing identity theft.

Following are some of the responsibilities that can be assigned to an AG:

• Representing the state in all legal matters
• Defending the laws of the state
• Providing legal advice to all state entities
• Performing criminal investigations and prosecuting crimes as the chief law enforcement officer
• Reviewing all deeds, leases, and contracts for the state
• Protecting consumers by fighting identity theft and online scams
• Proposing legislation

Some AGs are elected, and others are appointed by the governor or other state officials. A state AG is a person who is granted the authority to represent the state in all legal matters, which is similar to how a general power of attorney is used. A state AG can be thought of as a person granted a general power of attorney for the state.

The U.S. Attorney General (U.S. AG) is the head of the United States Department of Justice (DOJ). The president of the United States nominates the U.S. AG.

Specific responsibilities of the DOJ include:

• Enforcing the law
• Defending the interests of the United States according to the law
• Ensuring public safety against threats
• Providing federal leadership in preventing and controlling crime
• Seeking just punishment for those guilty of unlawful behavior
• Ensuring fair and impartial justice for all Americans

Many actions that the U.S. AG takes fall into the arena of IT. For example, the U.S. AG announced an intellectual property task force in February 2010. Companies, organizations, and governments often transfer data using intellectual property systems and networks. The goal is to address intellectual property crimes on the national and international level. Many government leaders agree that the theft of intellectual property does significant harm to the economy.