The U.S. government also classifies its data and specifies rules for using classified information. President Barack Obama signed Executive Order 13526 in December 2009, which describes a system for classifying national security information. The Order establishes three classification levels—confidential, secret, and top secret. The difference between the levels is the amount of harm that could be caused to U.S. security if the data were disclosed to an unauthorized person.
The Order also sets forth the rules to follow when using national security information. Among other rules, it states how the information must be marked and identified. It also gives instructions on how long it must remain classified. In addition, the Order specifies when to release such information to the public.
Individuals and organizations may belong to voluntary membership groups that seek to promote information security. Group members often have rules that they agree to follow. These rules usually set forth behavior expectations and are usually ethical in nature. They sometimes are called a code of practice or code of ethics.
Whole organizations also participate in voluntary membership groups and agree to follow the terms of codes of conduct. For example, the Internet Commerce Association (ICA) adopted a code of conduct for its member organizations in 2007 to provide for fair practice in the domain name industry. Its rules require protection of intellectual property rights, as well as for members to abide by internet fraud laws, including laws to stop the spread of phishing scams. You can learn more about the code at www.internetcommerce.org/about-us/code-of-conduct/.