Ch. 1: Introduction to the U.S. Privacy Environment Flashcards
What are the primary regulatory authorities that regulate privacy in the U.S.?
i. Federal Trade Commission (FTC)
ii. Federal Communications Commission (FCC)
iii. Department of Commerce (DoC)
iv. Department of Health and Human Services (HHS)
v. Banking Regulators
What are the primary banking regulators that regulate privacy in the U.S.?
i. Federal Reserve Board
ii. Comptroller of the Currency
iii. Consumer Financial Protection Bureau (CFPB)
iv. Federal Deposit Insurance Corporation (FDIC)
v. National Credit Union Administration
Federal Trade Commission (FTC)
General authority to enforce the rules against unfair and deceptive trade practices (including the power to bring deception enforcement actions where an individual has broken a privacy promise).
- Lead agency for privacy enforcement
- Protects consumers against unfair and deceptive practices
- Enforces Children’s Online Privacy Protection Act (COPPA)
- Lacks authority over financial institutions
Federal Communications Commission (FCC)
Summary: Regulates interstate and international communications providers
Detail: Places significant compliance regulations on and govern the communications industry, such as television, radio, and telemarketing, and more recently, with online marketing developing such laws as the Telemarketing Sales Rule and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act).
Department of Health and Human Services (HHS)
Creates regulations to protect the privacy and security of healthcare information. Responsible for enforcing HIPAA laws. The HHS shares rule-making and enforcement power with the FTC for data breaches related to medical records under the Health Information Technology for Economic and Clinical Healthcare Act (HI-TECH Act)
Federal Reserve Board (Fed)
Responsible for enforcing provisions of specific federal financial regulatory mandates, such as the Gramm-Leach-Bliley Act (GLBA)
Comptroller of the Currency
Regulates and supervises all national and federal banks and savings institutions, including agencies of foreign banks. Ensures fair access to financial services and compliance with financial privacy laws and regulations.
Consumer Financial Protection Bureau
Summary: Regulates how financial institutions handle personal information
Detail: An independent bureau under the Federal Reserve. CFPB has rule marking authority for laws related to financial privacy and oversees the relationship between consumers and financial products and services providers
State Attorney General
Chief legal advisor to the state government / state’s chief law enforcement officer. Authority to take enforcement action on a state’s unfair and deceptive practice law, HIPAA, GLBA, the Telemarketing Sales Rule, and violations of breach notification laws
Self-Regulation Model
Organizations that monitor privacy through internal privacy practices, frameworks/guidelines, policies and procedures, created and monitored by industry groups
Payment Card Industry Data Security Standard (PCI DSS)
One of the most successful self-regulatory frameworks ever
Trust Marks
Images or logos of third-party seal and certification programs that are displayed on websites to indicate that it has adopted the guidelines or a program and passed a security and privacy test
Criminal Liability
Violations of criminal law with charges by the government. Parties that include depriving someone of their liberty.
Mens rea
The mens rea standard requires that a person had criminal intent
Civil Liability
Failure to carry out a legal duty owed to another party. Charges brought to courts by the claimant.
What are the three categories of legal liability?
- Legal Liability - contracts, torts, civil enforcement
- Negligence
- Strict Liability
Contract
Agreement by two parties. Made up of three parts: (1) Offer; (2) Acceptance; and (3) Consideration. Contracts are legally binding agreement between two parties and are enforceable in court.
What are the basic conditions of a contract?
i. Capacity to enter contract
ii. Offer
iii. Acceptance
iv. Consideration
v. Mutual intent to be bound.
vi. Breach of Contract – handled in civil court
Tort
Civil wrongs recognized by law as grounds for a lawsuit. These wrongs result in an injury or harm that constitutes a basis for a claim
Civil Enforcement
A person may sue based on a violation of a law when a law creates a private right of action
Negligence
An organization will be liable for damages if it breaches a legal duty to protect person information and an individual is harmed by that breach.
Negligence Liability Factors
- Duty of care
- Breach of duty
- Damages
- Causation
Invasion of Privacy
The violation of a person’s reasonable expectation to be left alone.
Four legal standards of an invasion of privacy
- Invasion of solitude
- Disclosure of private facts
- False light
- Appropriation