Government and Court Access to Private Sector Information Flashcards

1
Q

Bank secrecy act of 1970 or BSA

A

Authorizes the US Treasury Secretary to issue regulations that impose extensive record keeping and suspicious reporting requirements on financial institutions. Institutions must keep records and file reports on certain financial transactions, including currency transactions in excess of 10K, which may be relevant to criminal, tax, or regulatory proceedings.

2
Q

What are some examples of required disclosure of personal data by law?

A

Bank Secrecy Act - money laundering
US Food and Drug Administration - requires health professionals and drug manufacturers to report serious adverse events, product problems, etc.
OSHA - reporting information about workplace injuries
States require reporting of certain types of injuries (abuse, gunshot wounds, immunization records)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Examples of disclosures permitted but not required by law

A

HIPAA permits but does not require companies to disclose PHI when required to do so by a state law that may require reporting of medical information. Also for public health, law enforcement, and national security

USA PATRIOT Act permits but does not require the owner of a computer system to provide access to their computer if:

  • the owner authorized it
  • the person requesting is engaged in the investigation
  • the interception does not acquire communications other than those transmitted
  • the person requesting has reasonable grounds to believe the contents are relevant to the investigation
4
Q

Examples of disclosure forbidden by law

A
HIPAA, COPPA, and the Gramm-Leach-Bliley Act
For investigations and litigation, evidentiary privileges can also prohibit disclosures:
- attorney-client privilege
- doctor-patient
- spouse
- person accused of the crime
5
Q

Wiretaps

A

Federal law is strict in prohibiting wiretaps of telephone calls. Under federal law, interception is permitted if one of the parties has given consent.
Interception of these communications is a criminal offense and provides a private right of action.
Many states have strict rules that all of the parties to the call must consent (for example, "this call is being recorded for quality assurance").
Another exception is if the interception is done in the ordinary course of business (if the employer provides the phone or email service, and monitoring is done in normal business hours, such as a call center or scanning emails for malware).
Federal law does not preempt state laws.

6
Q

Stored records

A

The Stored Communications Act (SCA) created a general prohibition against the unauthorized acquisition, alteration, or blocking of electronic communications while in electronic storage in a facility through which an electronic communication service is provided

Many states require notice be provided to an employer who engages in any type of electronic monitoring

7
Q

Pen registers

A

Pen registers recorded the telephone numbers of outgoing calls
Trap and trace recorded the telephone numbers that called into a particular number

ECPA allowed for pen registers and trap and trace records from a judge if relevant to an ongoing investigation

8
Q

CALEA

A

The Communications Assistance to Law Enforcement Act
Also known as the Digital Telephony Act
Implemented by the FCC
Requires telecommunications carriers to cooperate in the interception of communications for law enforcement and other needs relating to the security and safety of the public
Requires them to design their products and services to ensure they can carry out a lawful order to provide government access to communications
Includes telecommunication carriers, providers of broadband internet access, and voice over internet protocol.

9
Q

CISA

A

Cybersecurity Information Sharing Act
Participation by companies is voluntary, and provisions include:
- authorization for a company to share or receive cyber threat indicators or defensive measures
- requirement for company to remove personal information before sharing
- sharing information with federal government does not waive privileges
- shared information exempt from federal and state FOIA laws
- prohibition on government using shared information to regulate or take enforcement actions against lawful activities
- authorization for companies monitoring and operating defensive measures
- protection from liability for monitoring activities

10
Q

Right to financial privacy act of 1978

A

No government authority may have access to or obtain copies of or the information contained in the financial records of any customer from a financial institution unless the financial records are reasonably described and meet at least one of these conditions:

  • the customer authorizes access
  • there is an appropriate administrative subpoena or summons
  • there is a qualified search warrant
  • there is an appropriate judicial subpoena
  • there is an appropriate formal written request from an authorized government authority
11
Q

Privacy protection act (PPA)

A

Provides an extra layer of protection for members of the media and media organizations from government searches or seizures in the course of a criminal investigation

Government officials engaging in criminal investigations are not permitted to search or seize media work products or documentary materials reasonably believed to have a purpose to disseminate to the public

Requires law enforcement to use a subpoena or voluntary cooperation to obtain evidence

Applies to government and only to criminal investigations not civil.

12
Q

FISA

A

Foreign intelligence surveillance act
Establishes standards and procedures for electronic surveillance that collects foreign intelligence within the US
FISA orders can occur when foreign intelligence gathering is a significant purpose of the investigation
FISA orders occur based on probable cause that the party to be monitored is a foreign power
Can request wiretaps, pen registers and trap and trace orders and order video surveillance
No disclosures are required to the target, but companies can publish how many orders they have received

13
Q

National security letters

A

A category of subpoena
Used to seek records relevant to protect against international terrorism or clandestine intelligence activities.
Can be issued without any judicial involvement
Recipients can petition to modify or set aside an NSL if compliance would be unreasonable or oppressive
Recipients of NSLs are bound to confidentiality only if there is a finding by the requesting agency of interference with a criminal or counterterrorism investigation
Recipients can disclose the request to those necessary to comply and to an attorney for legal assistance
Recipients can petition a court to modify or end the secrecy requirement
Breaches of confidentiality are punishable by up to 5 years in prison and fines of up to 250k

14
Q

USA freedom act

A

Sets new rules for national security investigations prohibiting the use of pen registers and trap and trace orders for bulk collection and restricting their use to circumstances where there were specific selectors such as an email address or telephone number

Ended bulk collection conducted under Section 215 of the USA PATRIOT Act
Company officials are now permitted to release statistics about the number of requests received in a given time period, and the government is required to report its numbers once a year

Was passed in response to the Snowden revelations

Created a group of independent experts in the area of privacy and civil liberties, called amicus curiae, to brief the FISC on novel or significant matters of law

15
Q

USA patriot act

A

Made changes to anti-money-laundering laws - implemented know-your-customer requirements to deter money laundering
Expanded definition of pen registers and trap and trace orders to include dialing, routing, addressing, or signaling information transmitted to or from a device or process
Provided the flexibility to use foreign intelligence wiretaps more often and with flexible legal limits
Section 215 allows a federal court to require production of any tangible thing for defined foreign intelligence and anti terrorism investigations
Expanded the use of NSLs and had strict rules against disclosing that an organization has received an NSL

16
Q

The CLOUD Act

A

The Clarifying Lawful Overseas Use of Data Act
US federal law that amends the SCA to allow federal law enforcement to compel US based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the US or on foreign soil

17
Q

Federal Rules of Civil Procedure

A

Lawyers are required to redact certain sensitive personal information before it goes into court files.
Applies to both paper and electronic filings
No more than the following can be included in court filings
- last 4 of the SS number and taxpayer identification number
- year of the individual's birth
- only the minor's initials
- last 4 of the financial account number

18
Q

Federal rule of civil procedure requirements for subpoena

A

State the court from which it is issued
State the title of the action and its civil action number
Command each person to whom the subpoena is directed to conduct certain activities (produce documents, attend and testify etc)
Set out the text of the rules describing a person's right to challenge or modify the subpoena

19
Q

Sedona conference

A

Key guidelines for email retention

  • email retention policies should be administered by interdisciplinary teams across a diverse array of business units
  • teams should continually develop their understanding of the policies and identify gaps between policy and practice
  • interdisciplinary teams should reach consensus as to policies while looking to industry standards
  • technical solutions should meet and parallel the functional requirements of the org
20
Q

4th amendment

A

Protecting privacy is a major theme; the amendment prohibits the government from making unreasonable searches and seizures.
Sets limits on searches of physical and personal information through wiretaps and company info.

21
Q

Who is covered under the BSA

A

Banks, securities brokers and dealers, money services businesses, telegraph companies, casinos, clubs, and other entities subject to supervision by any state or federal bank supervisory authority

22
Q

BSA enforcement

A

Civil penalties - 100 max
Criminal penalties - 100k and or 1 year in prison or 10k and or 5 years in prison
Negligence penalties - $500 per violation
Failure to comply with due diligence requirements - up to 1 million
Failure to comply with regulations - 5K per day
Failure to comply with information sharing requirements - 25k per day

23
Q

BSA suspicious activity reports

A

Must be filed when:

  • a financial institution suspects an issuer is committing a criminal e regardless of dollar amount
  • the entity detects a possible crime involving 5K or more and has a basis for identifying a suspect
  • entity detects a possible crime involving 25k or more even if there is no basis for identifying a suspect
  • the entity suspects currency transactions aggregating 5K or more that involve potential money laundering or a violation of the act
24
Q

Monitoring activities, strictest to least strict

A

1 - telephone monitoring and other tracking of oral communications
2 - privacy of electronic communications
3 - video surveillance (little applicable law)

25
Q

Evidence stored in a different country

A

Microsoft Ireland case
Federal court ruled that the SCA did not require the company to provide electronic evidence that was stored outside of the US
Created greater reason to support mutual legal assistance (MLA) reform to gain evidence from Ireland and other countries where relevant data is stored

Other countries / governments have to comply with our ECPA to gain access to email, social network, or other electronic evidence held by companies