5. Enforcement of Privacy and Security Laws

Question 1

What are the three legal action bodies?

Answer 1

1. civil litigation
2. Criminal litigation
3. Adminsitrative Enforcement

Question 2

What are the elements for Civil litigation? 
Definition-D
Initiated by- I
Burden of Proof- B 
Punishment-P
Source of Law-S

Answer 2

D-Disputes between indv/orgs 
I-Private party/government 
B-Preponderance of evidence 
P-Monetary compensation or injunction 
S-Tort and Contracts

Question 3

What are the elements of Criminal litigation? 
Definition-D
Initiated by- I
Burden of Proof- B 
Punishment-P
Source of Law-S

Answer 3

D-Court proceedings for criminal prosecution
I-Government
B-Beyond a reasonable doubt
P-Fines, restitution, incarceration, death
S-Constitutions and Case law

Question 4

What are the elements of Administrative enforcement?
Definition-D
Initiated by- I
Burden of Proof- B 
Punishment-P
Source of Law-S

Answer 4

D-Adjudication by an agency 
I-Governmental agency 
B-Burden of persuasion 
P-Actions, fines 
S-statues that create and empower an agency

Question 5

What are the categories for civil litigation arising from tort or contracts?

Answer 5

1. Negligence- absence of/failure to exercise proper or ordinary care.
2. Breach of warranty- Failure of a seller to fulfill terms as promise, claim, rep
3. Misrepresentation: False security about the safety or product or service
4. defamation- defamed by libel (written) slander(oral)
5. Strict tort liability- extension of responsibility of the vendor who might be injured by a product or service
6. Statutory actions- action required permitted or enacted by statue

Question 6

The FTC has responsibility over what three regs?

Answer 6

1. COPPA
2. CAN-SPAM
3. HITECH (Shared)

Question 7

Emerging Tech: What are data brokers?

Answer 7

are entities that collect, aggregate and sell individuals’ personal data, derivatives and inferences from disparate public or private sources.

• Data is often gathered without the data subject’s knowledge or consent
• Data can be combined to reveal personal information not available from a single source
• The FTC encourages data minimization practices and calls for federal legislation
• Vermont and California have data broker laws

Question 8

Emerging Tech: what is bulk data?

Answer 8

a term used to describe the large data sets that organizations have been able to collect due to the exponential growth in the amount and availability of data.

Concerns about big data often revolve around a lack of clear notice to data subjects about how their data will be used, as well as how advanced analytics can be used to repurpose data in ways the data subject did not agree to when the data was collected.

Question 9

Emerging Tech: What is Artificial Intelligence?

Answer 9

a broad term used to describe a process where machines learn from experience, adjusting to new inputs and potentially performing tasks previously done by humans.

Often used for automated decision-making
• The FTC states that “AI tools should be transparent, explainable, fair and empirically sound, while fostering accountability”

Question 10

Emerging Tech: What are Biometrics?

Answer 10

are physical or behavioral characteristics that can be used to digitally identify individuals. They include fingerprints, facial patterns, voice patterns and retinal images.

• Privacy concerns: Biometrics are inherently identifying, cannot be changed if compromised, can be collected without the individual’s knowledge or consent and can be used to track locations and activities
• Several states have laws or statutes governing the use of biometrics, including Illinois, Texas, Washington, California, New York and Arkansas

Question 11

Emerging Tech: What is the Internet of Things?

Answer 11

a term used to describe the many devices that are connected to the internet. Any device that is built with a network interface can be assigned an IP address
to allow for automation and remote access.

• Includes “smart” devices (such as phones, TVs, homes), connected cars, wearable technology, biometric scanners, tracking devices
• Potential for data to be collected and shared without the data subject’s knowledge or consent
• Collected data can be used in targeted advertising
• May allow for cross-device tracking of individuals
• Concerns include effects on data security, data minimization, notice and choice

Question 12

What are the key concepts of Department of Commerce?

Answer 12

1. Leading role in federal privacy policy development

2. EU-U.S. Privacy Shield administration; leads diplomatic discussions on replacement/enhancement

Question 13

What are the key concepts of Department of Homeland Security?

Answer 13

• E-Verify program; rules for air traveler records (TSA)

* Immigration; other border issues (Immigration and Customs Enforcement)

Question 14

What are the key concepts of the Sate Department?

Answer 14

• Negotiates on privacy issues with other countries and in multinational groups

Question 15

What are the key concepts of Department of Health and Human Services/Office for Civil Rights?

Answer 15

• Involved in enforcing HIPAA rules

* Works in conjunction with the Department of Justice to refer possible criminal violations of HIPAA

Question 16

What are the key concepts of Department of Transportation?

Answer 16

• Transportation companies
• Drones (FAA)
• Internet-connected cars (National Highway Traffic Safety Administration)

Question 17

What are the key concepts of IRS?

Answer 17

• Privacy rules concerning tax records

Question 18

What are the key concepts of Office of Management and Budget?

Answer 18

• Interpretation of Privacy Act of 1974

* Guidance to federal agencies and their contractors for privacy program management and other privacy requirements