Module 11: Civil Litigation and Government Investigations

Question 1

List the two main sources of privacy issues that arise when a company is responding to civil litigation

Answer 1

1. Before trial, a company may receive civil “discovery” requests (These are requests for information by each party in a lawsuit)
2. At a civil trial, the tradition of public records in the United States means that additional personal information may be revealed

Question 2

Explain the involvement of privacy professionals in the common company practice of disclosure of personal information in response to litigation requests

Answer 2

Will need to come back to this one.

Question 3

Discuss the main complexity in understanding the requirements in laws concerning whether an organization can release personal information in response to a request

Answer 3

Sometimes the same statute requires production of information in some circumstances, such as when a judge issues a court order, but prohibits production of the same information in other circumstances, such as when no court order exists

Question 4

List at least two legal avenues that require a company to release personal information

Answer 4

1. Certain U.S. laws require disclosure of personal information held by an organization
2. Outside of these regulatory systems, records sometimes must be disclosed in the course of litigation

Question 5

Define the concept of discovery as it pertains to civil litigation

Answer 5

In litigation, discovery essentially means information disclosed to another party in a lawsuit before trial - subject to rules of civil procedure

Question 6

Describe the term subpoena

Answer 6

Companies with information relevant to civil litigation may receive a subpoena, which is an instruction to produce a witness or records

Question 7

Explain the potential consequences of failing to respond to a subpoena

Answer 7

The court that issued a subpoena may hold in contempt any person who fails to appropriately respond to the subpoena - without an adequate excuse (Contempt of court can result in fines or imprisonment)

Question 8

Name at least two federal laws that permit, but do not require, disclosure under appropriate circumstances

Answer 8

Under appropriate circumstances, HIPAA and the USA PATRIOT Act permit, but do not require, disclose of personal information

Question 9

Name at least two federal laws that forbid disclosure in certain circumstances

Answer 9

HIPAA and GLBA forbid disclose of personal information in at least certain circumstances

Question 10

List common evidentiary privileges that can prohibit disclosure

Answer 10

Common evidentiary privileges that can prohibit disclosure include

• Attorney-client privilege
• Doctor-patient
• Priest-penitent
• Spousal privilege

Question 11

Name the amendment to the U.S. Constitution that protects an accused person from self-incrimination

Answer 11

A person accused of a crime in state or federal court can assert the privilege against self-incrimination under the Fifth Amendment to the U.S. Constitution

Question 12

Name the laws that helped to created a strong tradition of public access to government records in the U.S.

Answer 12

The U.S. has a strong tradition of public access to government records, including under the federal Freedom of Information Act (FOIA) and state open records laws

Question 13

Explain how changes in technology led to heightened privacy concerns regarding public court records

Answer 13

With the growth of the Internet, court systems began to consider putting their records online, and placing court records on the Internet raised privacy issues

Question 14

Explain the purpose of a protective order

Answer 14

With a protective order, a judge determines what personal information should not be made public and what conditions apply to those who may access the protected information

Question 15

Define the term qualified protective order

Answer 15

A QPO prohibits the parties from using or disclosing the protected health information for any purpose other than the litigation

Question 16

Discuss the meaning of the term redaction

Answer 16

Redaction is the practice of identifying and removing or blocking information from documents being produced pursuant to a discovery request or as evidence in a court proceeding

Question 17

Describe the significance of the Sedona Conference to e-discovery

Answer 17

An important source of standards and best practices for managing electronic discovery compliance through data retention policies is the Sedona Conference

Question 18

List two laws that can create some tension between broad pretrial discovery powers and privacy protections

Answer 18

Although HIPAA and GLBA exist in harmony with discovery obligations, these laws create some tension between broad pretrial discovery powers and privacy protections

Question 19

Explain the conflicting demands that parties engaged in discovery in U.S. litigation can be caught between when dealing with transborder data flows

Answer 19

On the one hand, parties must comply with U.S. discovery rules that expressly recognize the importance of broad preservation, collection and production
On the other hand, parties may also face compliance obligations under foreign laws that place an emphasis of the protection of personal data and recognize privacy as a fundamental right

Question 20

Discuss the Hague Convention on the Taking of Evidence as it relates to discovery in U.S. litigation

Answer 20

The production of transborder data may be avoided by invoking the Hague Convention on the Taking of Evidence

Under the treaty, the party seeking to displace the Federal Rules of Civil Procedure bears the burden of demonstrating that it is more appropriate to use the Hague Convention and must establish that the foreign law prohibits the discovery sought

Question 21

Describe the main privacy protection in the Fourth Amendment to the U.S. Constitution

Answer 21

The Fourth Amendment to the U.S. Constitution’s privacy protection is to prohibit the government from making unreasonable searches and seizures

Question 22

Describe the best-known test from the 1967 case of Katz v. United States

Answer 22

The 1967 case of Katz v. United States is best remembered today for the widely cited “reasonable expectation of privacy” test

There is a twofold requirement:

• first, a person has exhibited an actual (subjective) expectation of privacy and,
• second, that the expectation be one that society is prepared to recognize as ‘reasonable’

Question 23

List the two main exceptions to the Katz test

Answer 23

Two important exceptions exist to the Katz requirement of a warrant where a reasonable expectation of privacy exists: “in public” and “third party”

Question 24

Discuss three recent Supreme Court privacy cases

Answer 24

1. In Jones, the Supreme Court held that a warrant was needed when the police placed a Global Positioning System (GPS) device on a car and tracked its location for over a month
2. Carpenter similarly required a warrant for cell phone location
3. In Riley, the Supreme Court held that the contents of a cell phone cannot be searched unless law enforcement officers first obtain a search warrant

Question 25

List at least two statutes where some legal process is required for law enforcement to access records, but the requirements are not as strict as a probable cause warrant approved by a neutral magistrate

Answer 25

The Right to Financial Privacy Act of 1978 and the Electronic Communications Privacy Act of 1986 are two statutes where Congress has required some legal process for law enforcement to access records, but the requirements are not as strict as a probable cause warrant approved by a neutral magistrate

Question 26

Name at least one statute that has law enforcement provisions that permit, but do not require, companies to release personal information to law enforcement

Answer 26

HIPAA is an example of a statute that has law enforcement provisions which permit, but do not require, companies to release personal information to law enforcement

Question 27

List the federal statute that governs wiretaps of telephones

Answer 27

The Title III of the Omnibus Crime Control and Safe Streets Act of 1968 is generally strict in prohibiting wiretaps of telephone calls

Question 28

Name the amendment to the federal law governing wiretaps that extended the restrictions on intercepting communications to electronic communications

Answer 28

The Electronic Communications Privacy Act (ECPA), an amendment to the Omnibus Crime Control and Safe Streets Act of 1968, extended the restrictions on intercepting communications to electronic communications

Question 29

Discuss two exceptions to the federal protections against intercepting communications

Answer 29

1. Interception is permitted if one of the parties has given consent
2. Interception undertaken in the ordinary course of business

Question 30

List the federal statute that creates a general prohibition against the unauthorized acquisition, alteration or blocking of electronic communications once they are stored

Answer 30

The Stored Communications Act (SCA), enacted as part of ECPA in 1986, creates a general prohibition against the unauthorized acquisition, alteration or blocking of electronic communications once the communications are stored

Question 31

Contrast the restrictions on intercepting communications to accessing stored communications

Answer 31

The legal limits on interceptions are stricter than for access to stored records

Question 32

Describe a preservation order as detailed in the SCA

Answer 32

The statute requires that a provider of wire or electronic communication services or a remote computing service, upon the request of a governmental entity, shall take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process

Question 33

Define pen register and trap and trace

Answer 33

1. A pen register recorded the telephone numbers of outgoing calls
2. A “trap and trace” device recorded the telephone numbers that called into a particular number

The USA PATRIOT Act expanded the definitions beyond telephone numbers to include “dialing, routing, addressing, or signaling information” transmitted to or from a device or process

Question 34

Describe the purpose of CALEA

Answer 34

The U.S. Communications Assistance to Law Enforcement Act of 1994 (CALEA) lays out the duties of defined actors in the telecommunications industry to cooperate in the interception of communications for law enforcement and other needs relating to the security and safety of the public

Question 35

Explain how CISA benefits companies

Answer 35

The Cybersecurity Information Sharing Act (CISA) permits the federal government to share unclassified technical data with companies about how networks have been attacked and how successful defenses against such attacks have been carried out

Question 36

Talk about the special restrictions put in place by RFPA

Answer 36

The special requirements of the Right to Financial Privacy Act (RFPA) of 1978 apply to disclosures by a variety of financial institutions, including banks, credit card companies and consumer finance companies

Question 37

Discuss the main restrictions placed on the government by PPA

Answer 37

The Privacy Protection Act (PPA) of 1980 was enacted to restrict government officials from engaging in criminal investigations to search or seize media work products or documentary materials that are reasonably believed to have a media purpose

Question 38

Describe the two parts of the CLOUD Act

Answer 38

1. Part 1: Addresses how the U.S. DOJ can access content of communications held by companies located in the U.S.
2. Part 2: Creates a new mechanism for other countries to access the content of communications held by U.S. service providers

Question 39

Describe how FISA was intended to strike a balance between supporters and critics of surveillance

Answer 39

• Supporters of surveillance gained a statutory system that expressly authorized foreign intelligence wiretaps, permitting surveillance that did not meet all the requirements of ordinary Fourth Amendment searches
• Critics of surveillance institutionalized a series of checks and balances on the previously unfettered discretion of the president to conduct surveillance in the name of national security

Question 40

Name the court that issues FISA orders

Answer 40

FISA orders issue from a special court of federal district court judges, the Foreign Intelligence Surveillance Court (FISC)

Question 41

Explain the significance of Section 215 of the USA PATRIOT Act

Answer 41

Section 215 of the USA PATRIOT Act provides that a federal court order can require the production of “any tangible thing” for defined foreign intelligence and antiterrorism investigations (The definition of tangible thing includes “books, records, papers, documents, and other items”)

Question 42

Describe the importance of Section 702 of the FISA Amendments Act

Answer 42

Section 702, which refers to a provision in the Foreign Intelligence Surveillance Act Amendments Act of 2008, governs how to govern foreign-to-foreign communications for interception of content that has been stored within the United States

Question 43

Discuss the major changes to the use of National Security Letters (NSLs) under the USA PATRIOT Act and the subsequent revisions

Answer 43

The USA PATRIOT Act expanded the use of National Security Letters (NSLs), a category of subpoena

1. Prior to the USA PATRIOT Act in 2001, NSLs were used narrowly –
   a. Only for certain financial and communication records of an agent of a foreign power AND
   a. Only with approval of FBI headquarters

Reforms to the strict rules against disclosing that an organization had received an NSL resulted in amendments that required recipients maintain confidentiality only if there is a finding by the requesting agency of interference with a criminal or counterterrorism investigation or for other listed purposes

Reforms have also focused on the indefinite secrecy of NSLs previously imposed on companies who received these