Enforcement of U.S. Privacy and Security Laws

Question 1

Who is the lead privacy enforcer in the government?

Answer 1

FTC

Question 2

Define:

civil ligitation

Answer 2

occurs in courts where plaintiff sues defendant to redress a wrong

Question 3

Define:

criminal prosecution

Answer 3

• actions brought by the government for violations of criminal laws
• prosecuted by DOJ or state AG/DAs

Question 4

Define:

administrative enforcement actions

Answer 4

• carried out pursuant to statutes that create and empower an agency, such as the FTC
• rules for agency enforcement actions occur under the Administrative Procedure Act (APA) which sets forth rules for adjudication within an agency, where court-like hearings may take place before an administrative law judge

Question 5

Can a federal agency sue?

Answer 5

federal agency may sue a party in federal court, with the agency as the plaintiff in the civil action

Question 6

Who is the enforcer for medical privacy?

Answer 6

Office of Civil Rights (OCR) in Department of Health and Human Services (HHS) enforces the Health Insurance Portability and Accountability Act (HIPAA)

Question 7

Who is the enforcer for financial privacy?

Answer 7

• Consumer Financial Protection Bureau (CFPB) responsible generally for consumer protection issues
• federal financial regulators such as the Federal Reserve and the Office of Comptroller of the Currency (OCC) have privacy enforcement responsibilities for institutions under their jurisdiction under the Gramm-Leach-Bliley Act (GLBA)

Question 8

Who is the enforcer for educational privacy?

Answer 8

U.S. Department of Education enforces the Family Educational Rights and Privacy Act (FERPA)

Question 9

Who is the enforcer for telecommunications and marketing privacy?

Answer 9

Federal Communications Commission (FCC) has responsibilities under the Telephone Consumer Protection Act and other statues

Question 10

Who is the enforcer for workplace privacy?

Answer 10

agencies including Equal Employment Opportunity Commission (EEOC) responsible for enforcing protections in the Americans with Disabilities Act (ADA) and other anti discrimination statutes

Question 11

How is the U.S. Department of State involved in privacy oversight, enforcement and policy?

Answer 11

increasingly active, especially by negotiating internally on privacy issues with other countries

Question 12

How is the Department of Commerce involved in privacy oversight, enforcement and policy?

Answer 12

leading role in federal policy development and has traditionally administered agreement on privacy protection for data flows between the U.S. and the EU

Question 13

How is the Department of Transportation involved in privacy oversight, enforcement and policy?

Answer 13

traditionally enforced violations of agreement on privacy protections for data flows between the U.S. and EU for some transportation companies

Question 14

How is the FAA involved in privacy oversight, enforcement and policy?

Answer 14

increasing role for drones

Question 15

How is the Office of Management and Budget involved in privacy oversight, enforcement and policy?

Answer 15

lead agency for interpreting Privacy Act of 1974, which applies to federal agencies and private-sector contractors to those agencies

Question 16

How is the IRS involved in privacy oversight, enforcement and policy?

Answer 16

subject to privacy rules concerning tax records

Question 17

How is the Department of Homeland Security involved in privacy oversight, enforcement and policy?

Answer 17

faces numerous privacy issues such as E-Verify program for new employees; rules for air traveler records under TSA; and immigration and other border issues

Question 18

How is the Department of Energy involved in privacy oversight, enforcement and policy?

Answer 18

dealing with Smart Grid for electric utility system

Question 19

How is the DoJ involved in privacy oversight, enforcement and policy?

Answer 19

sole federal agency to bring criminal enforcement actions

Question 20

How does self-regulation occur through legislation?

Answer 20

only occurs at the quasi-legislative stage (i.e., voluntary industry rulemaking)

Question 21

How can the government be involved with self-regulation?

Answer 21

• at enforcement and adjudication
• for example, company writes own privacy policy and under Section 5, FTC can decide whether to bring enforcement action and adjudication can occur in front of ALJ

Question 22

Define:

third-party privacy seal and certification programs

Answer 22

• services offered by the 3Ps provide methods for third parties to oversee compliance
• companies may demonstrate compliance and improve consumer confidence by displaying a trust mark in the form of a seal, logo or other certification showing that they are part of the certification program

Question 23

Digital Advertising Alliance (DAA)

Answer 23

• coalition of media and advertising companies and developed an icon program intended to inform consumers about how they can exercise choice with respect to online behavioral advertising

Question 24

AdChoice system

Answer 24

AdChoices system allows users to click on an icon near an ad or or to visit AdChoices website and choose to what extent the user will view behavioral ads from participating advertisers