Module 11: Law enforcement, Civil Litigation and Privacy Flashcards
What is the 4th amendment?
- unreasonable searches
- seizures
- probable cause
- specifics of place to be searched
THREE Fourth Amendment Cases
–“reasonable expectation of privacy” test - wiretapping
–when organizations must disclose, have a choice or are prohibited from disclosing information
–when statutes require or prohibit disclosure -court order
Fourth Amendment
“reasonable expectation of privacy” test
1) A person has exhibited an actual expectation of privacy
2) The expectation be one that society is prepared to recognize as ‘reasonable’
Fourth Amendment
When an organization must disclose, has a choice, or is prohibited from disclosing information
Must, choice or prohibit
have an info plan in place and a systematic approach to responding to investigations and litigations
states when you can wiretap
Fourth Amendment
When statutes require or prohibit disclosure
When a judge issues a court order; it must state:
- Court name
- Title of the action and civil action number
- Who, specified time and place: attend and testify; produce documents, electronically stored information or tangible items; and permit inspection of the premises
- Rules describing a person’s right to challenge or modify the subpoena
Access to financial data
goal to detect and deter illegal info such as money laundering, and will also serve to provide evidence in legal matters
- laws and regulations
- protection and security
- detection and difference
Right to Financial Privacy Act of 1978 (RFPA)
government authority may not have access to or obtain copies of financial records of any customer or financial info unless the financial records are reasonably described and meet at least one of the following conditions:
– formal written request from an authorized government authority
– Appropriate administrative subpoena or summons
– Qualified search warrant
– Customer authorization
– judicial subpoena
Bank Secrecy Act of 1970 Act 1
has the authority to impose record-keeping and reporting requirements on financial institutions as a part of the Bank Secrecy Act of 1970 (or BSA). The BSA applies to:
- banks
- securities brokers and dealers
- money services businesses
- casinos and card clubs
BSA 3 requirements
- record retention requirements
- suspicious activity reports
- enforcement
Record Retention strategies
Financial institutions are required to retain records for:
• Currency transactions > $10K
• Transportation of monetary instruments
• Purchases of currency-like instruments > $3K
Suspicious Activity Reports
SARs are filed with the Department of Treasury’s Financial Crimes Enforcement Network
when an entity:
- Suspects an insider involved in a crime, regardless of amount
- Detects possible crime >$5,000 and has basis for identifying suspect
- Detects possible crime >$25,000 (even if no suspect)
- Suspects money-laundering in currency transactions aggregated >$5,000
Enforcement
Penalties include:
• Civil penalties (fines)
• Fines for negligence, failure to comply with regulations, failure to comply with information sharing requirements, failure to comply with due diligence requirements
• Criminal penalties (including fines and imprisonment)
Authority suspects money laundering
BSA (Bank Secrecy Act)
Business retains records for large sum transactions
BSA (Bank Secrecy Act)
school releases records per subpoena
Right to Financial Privacy (RTFP)
Customer authorizes release of PI
Right to Financial Privacy (RTFP)
Access to Communication (wiretapping)
federal law has different rules for:
- telephone monitoring
- other tracking of oral communications,
- privacy of electronic communications
- video surveillance.
wiretaps
Title III of the 1968 anticrime law, Omnibus Crime Control and Safe Streets Act
– oral communication made through a network.
– oral communications: hidden bugs or microphones
Exceptions:
- consent by one of the parties involved
- message alerting the caller that the call is being recorded for quality purposes.
ECPA (electronic communications privacy act)
extends the ban on interception to include “electronic communications”
- Emails
- Pen registers
- Enforcement
- CalECPA
ECPA Emails
The ECPA covers email and other communications that are not wire or oral communications.
ECPA Pen Registers
- Traditionally, a pen register recorded the telephone numbers of outgoing calls
- ECPA: Provides for pen register orders from a judge under the lenient legal standard of “relevant to an ongoing investigation”
ECPA Enforcement
- Violation of ECPA is a criminal offense
- Provides a private right of action
- Exceptions apply if a person is party to the call or if one of the parties has given consent
ECPA CalECPA
No California government entity can search phones and no police officer can search online accounts without:
- Permission from a judge
- Obtaining consent
- Showing it is an emergency
Stored Communications Act (SCA)
–enacted as part of the ECPA in 1986.
–It addresses interception of electronic communications in facilities where electronic communication service is provided
SCA Provisions
• Enacted as part of ECPA in 1986
• Creates a general prohibition against the unauthorized acquisition, alteration or blocking of electronic communications while in electronic storage in a facility through which an electronic communications service is provided
SCA Exceptions
The law allows for exceptions to employers for conduct authorized:
– “by the person or entity providing a wire or electronic communications service,” which will often be the organization
– “by a user of that service with respect to a communication of or intended for that use,” in other words, if the employer’s reason for doing so is reasonable and work related
SCA Enforcement
Violations can lead to criminal penalties or a civil lawsuit
• Legal limits on interceptions are stricter than those for access to stored records
• ECPA does not preempt stricter state privacy protections and state laws may protect
email communications as well
In the Zurcher v. Stanford case
- police used a search warrant to look through the newspaper’s unpublished photos.
- court found the search unlawful
- the government should have used less invasive methods than a full search of the newspaper’s premises.
- the Supreme Court found that valid search warrants “may be used to search any property” where there is probable cause to believe that evidence of a crime will be found.
How are members of the media and media organizations protected from government searches and seizures in the course of a criminal investigation?
The Privacy Protection Act was passed in the wake of this Supreme Court decision.
Privacy Protection Act (PPA)
- 1980
- protects media
- response to searches
- may broaden to web publishing
  - blogs
  - even social media
PPA Provisions
–Provides an extra layer of protection for media and media orgs from searches and seizures
–gov’t officials engaged in criminal investigation are not permitted to search or seize media work products or documentary materials
–applies to gov’t officers or employees at all levels of gov’t
PPA Exceptions
–if there is probable cause to believe a reporter has or is in the process of committing a crime
–not if possession, receipt, or communication of the work product itself
PPA Enforcement
Violations can lead to penalties of a minimum of $1,000, actual damages and attorneys’ fees
Communication Assistance to Law Enforcement Act (CALEA)
–sometimes referred to as the “Digital Telephony Bill.”
–lays out the duties of defined actors in the telecommunications industry to cooperate in the interception of communications for law enforcement and other needs relating to the security and safety of the public.
–requires telecommunication carriers to design their products and services to ensure they can carry out a lawful order to provide government access to communication
–originally excluded internet services. In 2005, the FCC added broadband internet providers and VoIP.
Communication Assistance to Law Enforcement Act (CALEA)
-requires telecommunication carriers to:
>design their products and services to ensure access to communications is required
-Internet Access and VoIP services
>considered telecommunications services
>operate under CALEA requirements
Electronic discovery
In the event organizations are required to turn over large volumes of electronic data, what steps can they take to protect PI?
- Place limits on using company email
- discourage company business on personal devices
- implement policies for existing employees
“e-discovery”
- 2006 adoption
- requires civil litigants to turn over large volumes of an org’s electronic records in litigation
ESI (electronically stored info) includes
- word processing documents
- databases
- web pages
- server logs
- instant messaging transcripts
- voicemail systems
- social networking records
- thumb drives
- micro SD cards
Sedona Conference
- standards and best practices for managing emails
- 4 key guidelines:
- administration by interdisciplinary teams
- CD of understanding policies and practices
- consensus on policies while considering industry practices
- tech solutions that parallel the functional requirements of the org
EU data protection vs e-discovery
- another country’s laws may prohibit transfer of personal information outside of the country
- Nations under the GDPR are subject to greater restrictions versus U.S. discovery
- When transferring, data should be encrypted with a key transferred by a secure second method, and an audit trail should be considered if the data is shipped.
Hague Convention on the Taking of Evidence
- production of trans-border data can also be avoided by invoking the Hague Convention on the Taking of Evidence. Under this treaty, the party seeking to displace the Federal Rules of Civil Procedure may demonstrate that the foreign law prohibits the discovery sought
The Hague Convention
Aerospatiale v. S.D. of Iowa reconciliation factors
The Hague Convention
Aerospatiale v. S.D. of Iowa reconciliation factors:
– Importance of document or litigation
– Specificity of request
– Origination of information
– Availability of alternate means to secure information
– Undermining important interests of U.S. and foreign states (often referred to as most important)
Trans-border data reconciliation
U.S. Discovery
Requests for information require broad preservation, collection and production
Trans-border data reconciliation
Foreign laws
Emphasizes the protection of personal data and fundamental rights of privacy
Which amendment to the United States Constitution articulates many of the fundamental concepts used by privacy professionals in the U.S.?
A) First Amendment
B) Second Amendment
C) Third Amendment
D) Fourth Amendment
A) 4th Amendment
Under the Right to Financial Privacy Act (RFPA), which of the following may allow a government authority access to customer financial records? Select all that apply.
A) Appropriate formal written request from an authorized government authority
B) Appropriate administrative subpoena or summons
C) Qualified search warrant
D) Legitimate interest of an authorized government authority
E) Customer authorization
F) Appropriate judicial subpoena
A) B) C) E) F)
Under the Bank Secrecy Act (BSA), who has the authority to impose record-keeping and reporting requirements on financial institutions?
A) U.S. Attorney General
B) State attorneys general
C) U.S. Secretary of the Treasury
D) Federal Trade Commission (FTC)
C
When a customer calls in to a company’s service support line and hears a recorded message that the call may be recorded for quality purposes, this qualifies as a legal exception to which act prohibiting the wiretapping of telephone calls?
A) Omnibus Crime Control and Safe Streets Act
B) Electronic Communications Privacy Act (ECPA)
C) Stored Communication Act (SCA)
D) Privacy Protection Act (PPA)
A
What is a pen register?
A) A list of consumers who have requested to be notified if their personal information is shared with law enforcement
B) A list of law enforcement personnel who may obtain sensitive personal information without a court order
C) Records kept by financial institutions on certain financial transactions
D) A device that records the telephone numbers of all outgoing calls
D
Which act was passed as part of the ECPA to address interception of electronic communications in facilities where electronic communication service is provided?
A) Privacy Protection Act (PPA)
B) Stored Communications Act (SCA)
C) Communications Assistance to Law Enforcement Act (CALEA)
D) Electronic Communications Privacy Act (ECPA)
B) Stored Communications Act (SCA)
Which is a component of the Privacy Protection Act (PPA)? Select all that apply.
A) Providing an extra layer of protection for members of the media and media organizations from government searches or seizures
B) Prohibiting government officials engaged in criminal investigations from searches or seizures of media work products or documentary materials
C) Applies to government officers or employees at all levels of government
All of them
True or false? Some Internet services fall within the scope of the Communications Assistance to Law Enforcement Act (CALEA).
True
False
True
What are the two parts of the “expectation of privacy test”? Select two.
A) A person has recorded an actual expectation of privacy
B) A person has exhibited an actual expectation of privacy
C) The expectation be one that a judge recognizes as “reasonable”
D) The expectation be one that society is prepared to recognize as “reasonable”
C) The expectation be one that a judge recognizes as “reasonable”
D) The expectation be one that society is prepared to recognize as “reasonable”