Module 11: Civil Litigation and Government Investigations Flashcards
List the two main sources of privacy issues that arise when a company is responding to civil litigation
- Before trial, a company may receive civil “discovery” requests (These are requests for information by each party in a lawsuit)
- At a civil trial, the tradition of public records in the United States means that additional personal information may be revealed
Explain the involvement of privacy professionals in the common company practice of disclosure of personal information in response to litigation requests
Will need to come back to this one.
Discuss the main complexity in understanding the requirements in laws concerning whether an organization can release personal information in response to a request
Sometimes the same statute requires production of information in some circumstances, such as when a judge issues a court order, but prohibits production of the same information in other circumstances, such as when no court order exists
List at least two legal avenues that require a company to release personal information
- Certain U.S. laws require disclosure of personal information held by an organization
- Outside of these regulatory systems, records sometimes must be disclosed in the course of litigation
Define the concept of discovery as it pertains to civil litigation
In litigation, discovery essentially means information disclosed to another party in a lawsuit before trial - subject to rules of civil procedure
Describe the term subpoena
Companies with information relevant to civil litigation may receive a subpoena, which is an instruction to produce a witness or records
Explain the potential consequences of failing to respond to a subpoena
The court that issued a subpoena may hold in contempt any person who fails to appropriately respond to the subpoena - without an adequate excuse (Contempt of court can result in fines or imprisonment)
Name at least two federal laws that permit, but do not require, disclosure under appropriate circumstances
Under appropriate circumstances, HIPAA and the USA PATRIOT Act permit, but do not require, disclosure of personal information
Name at least two federal laws that forbid disclosure in certain circumstances
HIPAA and GLBA forbid disclosure of personal information in at least certain circumstances
List common evidentiary privileges that can prohibit disclosure
Common evidentiary privileges that can prohibit disclosure include
- Attorney-client privilege
- Doctor-patient
- Priest-penitent
- Spousal privilege
Name the amendment to the U.S. Constitution that protects an accused person from self-incrimination
A person accused of a crime in state or federal court can assert the privilege against self-incrimination under the Fifth Amendment to the U.S. Constitution
Name the laws that helped to create a strong tradition of public access to government records in the U.S.
The U.S. has a strong tradition of public access to government records, including under the federal Freedom of Information Act (FOIA) and state open records laws
Explain how changes in technology led to heightened privacy concerns regarding public court records
With the growth of the Internet, court systems began to consider putting their records online, and placing court records on the Internet raised privacy issues
Explain the purpose of a protective order
With a protective order, a judge determines what personal information should not be made public and what conditions apply to those who may access the protected information
Define the term qualified protective order
A QPO prohibits the parties from using or disclosing the protected health information for any purpose other than the litigation
Discuss the meaning of the term redaction
Redaction is the practice of identifying and removing or blocking information from documents being produced pursuant to a discovery request or as evidence in a court proceeding
Describe the significance of the Sedona Conference to e-discovery
An important source of standards and best practices for managing electronic discovery compliance through data retention policies is the Sedona Conference
List two laws that can create some tension between broad pretrial discovery powers and privacy protections
Although HIPAA and GLBA exist in harmony with discovery obligations, these laws create some tension between broad pretrial discovery powers and privacy protections
Explain the conflicting demands that parties engaged in discovery in U.S. litigation can be caught between when dealing with transborder data flows
On the one hand, parties must comply with U.S. discovery rules that expressly recognize the importance of broad preservation, collection and production
On the other hand, parties may also face compliance obligations under foreign laws that place an emphasis on the protection of personal data and recognize privacy as a fundamental right
Discuss the Hague Convention on the Taking of Evidence as it relates to discovery in U.S. litigation
The production of transborder data may be avoided by invoking the Hague Convention on the Taking of Evidence
Under the treaty, the party seeking to displace the Federal Rules of Civil Procedure bears the burden of demonstrating that it is more appropriate to use the Hague Convention and must establish that the foreign law prohibits the discovery sought
Describe the main privacy protection in the Fourth Amendment to the U.S. Constitution
The main privacy protection in the Fourth Amendment to the U.S. Constitution is its prohibition on unreasonable searches and seizures by the government
Describe the best-known test from the 1967 case of Katz v. United States
The 1967 case of Katz v. United States is best remembered today for the widely cited “reasonable expectation of privacy” test
There is a twofold requirement:
- first, a person has exhibited an actual (subjective) expectation of privacy and,
- second, that the expectation be one that society is prepared to recognize as ‘reasonable’
List the two main exceptions to the Katz test
Two important exceptions exist to the Katz requirement of a warrant where a reasonable expectation of privacy exists: “in public” and “third party”
Discuss three recent Supreme Court privacy cases
- In Jones, the Supreme Court held that a warrant was needed when the police placed a Global Positioning System (GPS) device on a car and tracked its location for over a month
- Carpenter similarly required a warrant for cell phone location
- In Riley, the Supreme Court held that the contents of a cell phone cannot be searched unless law enforcement officers first obtain a search warrant
List at least two statutes where some legal process is required for law enforcement to access records, but the requirements are not as strict as a probable cause warrant approved by a neutral magistrate
The Right to Financial Privacy Act of 1978 and the Electronic Communications Privacy Act of 1986 are two statutes where Congress has required some legal process for law enforcement to access records, but the requirements are not as strict as a probable cause warrant approved by a neutral magistrate
Name at least one statute that has law enforcement provisions that permit, but do not require, companies to release personal information to law enforcement
HIPAA is an example of a statute that has law enforcement provisions which permit, but do not require, companies to release personal information to law enforcement
List the federal statute that governs wiretaps of telephones
Title III of the Omnibus Crime Control and Safe Streets Act of 1968 is generally strict in prohibiting wiretaps of telephone calls
Name the amendment to the federal law governing wiretaps that extended the restrictions on intercepting communications to electronic communications
The Electronic Communications Privacy Act (ECPA), an amendment to the Omnibus Crime Control and Safe Streets Act of 1968, extended the restrictions on intercepting communications to electronic communications
Discuss two exceptions to the federal protections against intercepting communications
- Interception is permitted if one of the parties has given consent
- Interception undertaken in the ordinary course of business
List the federal statute that creates a general prohibition against the unauthorized acquisition, alteration or blocking of electronic communications once they are stored
The Stored Communications Act (SCA), enacted as part of ECPA in 1986, creates a general prohibition against the unauthorized acquisition, alteration or blocking of electronic communications once the communications are stored
Contrast the restrictions on intercepting communications to accessing stored communications
The legal limits on interceptions are stricter than for access to stored records
Describe a preservation order as detailed in the SCA
The statute requires that a provider of wire or electronic communication services or a remote computing service, upon the request of a governmental entity, shall take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process
Define pen register and trap and trace
- A pen register recorded the telephone numbers of outgoing calls
- A “trap and trace” device recorded the telephone numbers that called into a particular number
The USA PATRIOT Act expanded the definitions beyond telephone numbers to include “dialing, routing, addressing, or signaling information” transmitted to or from a device or process
Describe the purpose of CALEA
The U.S. Communications Assistance to Law Enforcement Act of 1994 (CALEA) lays out the duties of defined actors in the telecommunications industry to cooperate in the interception of communications for law enforcement and other needs relating to the security and safety of the public
Explain how CISA benefits companies
The Cybersecurity Information Sharing Act (CISA) permits the federal government to share unclassified technical data with companies about how networks have been attacked and how successful defenses against such attacks have been carried out
Talk about the special restrictions put in place by RFPA
The special requirements of the Right to Financial Privacy Act (RFPA) of 1978 apply to disclosures by a variety of financial institutions, including banks, credit card companies and consumer finance companies
Discuss the main restrictions placed on the government by PPA
The Privacy Protection Act (PPA) of 1980 was enacted to restrict government officials from engaging in criminal investigations to search or seize media work products or documentary materials that are reasonably believed to have a media purpose
Describe the two parts of the CLOUD Act
- Part 1: Addresses how the U.S. DOJ can access content of communications held by companies located in the U.S.
- Part 2: Creates a new mechanism for other countries to access the content of communications held by U.S. service providers
Describe how FISA was intended to strike a balance between supporters and critics of surveillance
- Supporters of surveillance gained a statutory system that expressly authorized foreign intelligence wiretaps, permitting surveillance that did not meet all the requirements of ordinary Fourth Amendment searches
- Critics of surveillance institutionalized a series of checks and balances on the previously unfettered discretion of the president to conduct surveillance in the name of national security
Name the court that issues FISA orders
FISA orders issue from a special court of federal district court judges, the Foreign Intelligence Surveillance Court (FISC)
Explain the significance of Section 215 of the USA PATRIOT Act
Section 215 of the USA PATRIOT Act provides that a federal court order can require the production of “any tangible thing” for defined foreign intelligence and antiterrorism investigations (The definition of tangible thing includes “books, records, papers, documents, and other items”)
Describe the importance of Section 702 of the FISA Amendments Act
Section 702, which refers to a provision in the Foreign Intelligence Surveillance Act Amendments Act of 2008, addresses how to govern foreign-to-foreign communications for interception of content that has been stored within the United States
Discuss the major changes to the use of National Security Letters (NSLs) under the USA PATRIOT Act and the subsequent revisions
The USA PATRIOT Act expanded the use of National Security Letters (NSLs), a category of subpoena
- Prior to the USA PATRIOT Act in 2001, NSLs were used narrowly –
a. Only for certain financial and communication records of an agent of a foreign power AND
b. Only with approval of FBI headquarters
Reforms to the strict rules against disclosing that an organization had received an NSL resulted in amendments that required recipients to maintain confidentiality only if there is a finding by the requesting agency of interference with a criminal or counterterrorism investigation or for other listed purposes
Reforms have also focused on the indefinite secrecy of NSLs previously imposed on companies that received them