Module 11: Law enforcement, Civil Litigation and Privacy

Question 1

What is the 4th amendment?

Answer 1

• unreasonable searches
• seizures
• probably cause
• specifics of place to be searched

Question 2

THREE Fourth Amendment Cases

Answer 2

–“reasonably expectations of privacy” test - wiretapping

–when organizations must disclose, have a choice or are prohibited from disclosing information

–when statutes require or prohibit disclosure -court order

–

Question 3

Fourth Amendment

“reasonable expectation of privacy” test

Answer 3

1) A person has exhibited an actual expectation of privacy

2) The expectation be one that society is prepared to recognize as ‘reasonable’

Question 4

Fourth Amendment

When an organization must disclose, have a choice, or are prohibited from disclosing information

Answer 4

Must, choice or prohibit

have an info plan in place and a systematic approach to responding to investigations and litigations

states when you can wiretap

Question 5

Fourth Amendment

When statutes require or prohibit disclosure

Answer 5

When a judge issues a court order; it must state:

1. Court name
2. Title of the action and civil action number
3. Who, specified time and place: attend and
   testify; produce documents, electronically stored information or tangible items; and permit inspection of the premises
4. rules describing a person’s right to challenge or modify the subpoena

Question 6

Access to financial data

Answer 6

goal to detect and deter illegal info such as money laundering, and will also serve to provide evidence in legal matters

• laws and regulations
• protection and security
• detection and difference

Question 7

Right to Financial Privacy Act of 1978 (RFPA)

Answer 7

government authority may not have access to or obtain copies of financial records any customer or financial info unless the financial records are reasonably described and meet at least one of the following conditions:

– formal written request from an authorized government authority

– Appropriate administrative subpoena or summons

– Qualified search warrant

– Customer authorization

– judicial subpoena

Question 8

Bank Secrecy Act of 1970 Act 1

Answer 8

has the authority to impose record-keeping and reporting requirements on financial institutions as a part of the Bank Secrecy Act of 1970 (or BSA). The
BSA applies to:
--banks
--securities brokers and dealers
--money services businesses
--casinos and card clubs.

Question 9

BSA 3 requirements

Answer 9

• record retention requirements
• suspicious activity reports
• enforcement

Question 10

Record Retention strategies

Answer 10

Financial institutions are required to retain records for:
• Currency transactions > $10K
• Transportation of monetary instruments
• Purchases of currency-like instruments > $3K

Question 11

Suspicious Activity Reports

Answer 11

SARs are filed with the Department of Treasury’s Financial Crimes Enforcement Network
when an entity:

• Suspects an insider involved in a crime, regardless of amount
• Detects possible crime >$5,000 and has basis for identifying suspect
• Detects possible crime >$25,000 (even if no suspect)
• Suspects money-laundering in currency transactions aggregated >$5,000

Question 12

Enforcement

Answer 12

Penalties include:

• Civil penalties (fines)

• Fines for negligence, failure to comply with regulations, failure to comply with
information sharing requirements, failure to comply with due diligence requirements

• Criminal penalties (including fines and imprisonment)

Question 13

Authority suspects money laundering

Answer 13

BSA (Bank Secrecy Act)

Question 14

Business retains records for large sum transactions

Answer 14

BSA (Bank Secrecy Act)

Question 15

school releases records per subpoena

Answer 15

Right to Financial Privacy (RTFP)

Question 16

Customer authorizes release of PI

Answer 16

Right to Financial Privacy (RTFP)

Question 17

Access to Communication (wiretapping)

Answer 17

federal law has different rules for:

• • telephone monitoring
• • other tracking of oral communications,
• • privacy of electronic communications
• • video surveillance.

Question 18

wiretaps

Answer 18

Title III of the 1968 anticrime law, Omnibus Crime Control and Safe Streets Act

– oral communication made through a network.

– oral communications: hidden bugs or microphones

Exceptions:

• • consent by one of the parties involved
• • message alerting the caller that the call is being recorded for quality purposes.

Question 19

ECPA (electronic communications privacy act)

Answer 19

extends the ban on interception include “electronic communications”

• Emails
• Pen registers
• Enforcement
• CalECPA

Question 20

ECPA Emails

Answer 20

The ECPA covers email and other communications that are not wire or oral communications.

Question 21

ECPA Pen Registers

Answer 21

• Traditionally, a pen register recorded the telephone numbers of outgoing calls
• ECPA: Provides for pen register orders from a judge under the lenient legal standard of “relevant to an ongoing investigation”

Question 22

ECPA Enforcement

Answer 22

• Violation of ECPA is a criminal offense
• Provides a private right of action
• Exceptions apply if a person is party to the call or if one of the parties has given consent

Question 23

ECPA CalECPA

Answer 23

No California government entity can search phones and no police officer can search online accounts without:

• Permission from a judge
• Obtaining consent
• Showing it is an emergency

Question 24

Stored Communications Act (SCA)

Answer 24

–enacted as part of the ECPA in 1986.
–It addresses interception of electronic communications in facilities where electronic
communication service is provided

Question 25

SCA Provisions

Answer 25

• Enacted as part of ECPA in 1986
• Creates a general prohibition against the unauthorized acquisition, alteration or
blocking of electronic communications while in electronic storage in a facility through
which an electronic communications service is provided

Question 26

SCA Exceptions

Answer 26

The law allows for exceptions to employers for conduct authorized:

– “by the person or entity providing a wire or electronic communications service,”
which will often be the organization

– “by a user of that service with respect to a communication of or intended for that
use,” in other words, if the employer’s reason for doing so is reasonable and work
related

Question 27

SCA Enforcement

Answer 27

Violations can lead to criminal penalties or a civil lawsuit

• Legal limits on interceptions are stricter than those for access to stored records

• ECPA does not preempt stricter state privacy protections and state laws may protect
email communications as well

Question 28

In the Zurcher v Standford case

• -police used a search warrant to look thru the newspapers’ unpublished photos.
• court found the search unlawful
• -the government should have used less invasive methods than a full search of the newspaper’s premise.

Answer 28

–the Supreme court found that valid search warrants “may be used to search any property” where there is probable cause to believe that evidence of a crime will be found.

Question 29

How are members of the media and media organizations protected from government searches and seizures in the court of a criminal investigations?

Answer 29

The Privacy Protection Act was passed in the wake of this Supreme Court decision.

Question 30

Privacy Protection Act (PPA)

Answer 30

• • 1980
• • protects media
• • response to searches
• • may broaden to web publishing
    
    • -blogs
    • -even social media.

Question 31

PPA Provisions

Answer 31

–Provides an extra layer of protection for media and media orgs from searches and seizures

–gov’t officials engaged in criminal investigation are not permitted to search or seize media work products or documentary materials

–applies to gov’t officers or employees at all levels of gov’t

Question 32

PPA Exceptions

Answer 32

–if there is probable cause to believe a reporter has or is in the process of committing a crime

–not if possession, receipt, or communication of the work product itself

Question 33

PPA Enforcement

Answer 33

Violations can lead to penalties of a minimum of $1,000, actual damages and attorneys’ fees

Question 34

Communication Assistance to Law Enforcementt Act (CALEA)

Answer 34

-sometimes referred to as the “Digital Telephony Bill.”
–lays out the duties of defined actors in the
telecommunications industry to cooperate in the interception of communications for law
enforcement and other needs relating to the security and safety of the public.
–requires telecommunication carriers to design their products and services to ensure they can carry out a lawful order to provide government access to communication
-originally excluded internet services. in 2005, the FCC added broadband internet providers and VoIP.

Question 35

Communication Assistance to Law Enforcementt Act (CALEA)

Answer 35

-requires telecommunication carriers to:
>design their products and services to ensure access to communications is required
-Internet Access and VoIP services
>considered telecommunications services
>operate under CALEA requirements

Question 36

Electronic discovery

In events organizations are required to turn over large volumes of electronic data, what steps can they take to protect PI?

Answer 36

• Place limits on using company email
• discourage company business on personal devices
• implement policies for existing employees

Question 37

“e-discovery”

Answer 37

• 2006 adoption

- requires civil litigants to turn over large volumes of an org’s electronic records in litigation

Question 38

ESI (electronically stored info) includes

Answer 38

• email
• word processing documents
• databases
• web pages
• server logs
• instant messaging transcripts
• voicemail systems
• social networking records
• thumb drives
• micro SD cards

Question 39

Sedona Conference

Answer 39

• standards and best practices for managing emails
• 4 key guidelines:
  - administration by interdisciplinary teams
  - CD of understanding policies and practices
  - consensus on policies while considering industry practices
  - tech solutions that parallel the functional requirements of the org

Question 40

EU data protection vs e-discovery

Answer 40

• -another country’s laws may prohibit transfer of personal information outside of the country
• -Nations under the GDPR are subject to greater restrictions versus U.S. discovery
• -When transferring, data should be encrypted with a key transferred by a secure second method, and an audit trail should be considered if the data is shipped.

Question 41

Hague Convention on

the Taking of Evidence

Answer 41

-production of trans-border data can also be avoided by invoking the Hague Convention on
the Taking of Evidence. Under this treaty, the party seeking to displace the Federal Rules of
Civil Procedure may demonstrate that the foreign law prohibits the discovery sought

Question 42

The Hague Convention

Aerospaciale v S.D. of Iowa reconciliation factors

Answer 42

The Hague Convention
Aerospaciale v S.D. of Iowa reconciliation factors:

– Importance of document or litigation
– Specificity of request
– Origination of information
– Availability to alternate means to secure information
– Undermining important interests of U.S. and foreign states (often referred to as
most important)

Question 43

Trans-border data reconciliation

U.S. Discovery

Answer 43

Requests for information require broad preservation, collection and production

Question 44

Trans-border data reconciliation

Foreign laws

Answer 44

Emphasizes the protection of personal data and fundamental rights of privacy

Question 45

Which amendment to the United States Constitution articulates many of the fundamental
concepts used by privacy professionals in the U.S.?
A) First Amendment
B) Second Amendment
C) Third Amendment
D) Fourth Amendment

Answer 45

A) 4th Amendment

Question 46

Under the Right to Financial Privacy Act (RFPA), which of the following may allow a
government authority access to customer financial records? Select all that apply.

A) Appropriate formal written request from an authorized government authority
B) Appropriate administrative subpoena or summons
C) Qualified search warrant
D) Legitimate interest of an authorized government authority
E) Customer authorization
F) Appropriate judicial subpoena

Answer 46

A)
B)
C)
E)
F)

Question 47

Under the Bank Secrecy Act (BSA), who has the authority to impose record-keeping and reporting requirements on financial institutions?

A) U.S. Attorney General
B) State attorneys general
C) U.S. Secretary of the Treasury
D) Federal Trade Commission (FTC)

Answer 47

C

Question 48

When a customer calls in to a company’s service support line and hears a recorded message that the call may be recorded for quality purposes, this qualifies as a legal exception to which
act prohibiting the wiretapping of telephone calls?
A) Omnibus Crime Control and Safe Streets Act
B) Electronic Communications Privacy Act (ECPA)
C) Stored Communication Act (SCA)
D) Privacy Protection Act (PPA)

Answer 48

A

Question 49

What is a pen register?
A) A list of consumers who have requested to be notified if their personal information is
shared with law enforcement
B) A list of law enforcement personnel who may obtain sensitive personal information without a court order
C) Records kept by financial institutions on certain financial transactions
D) A device that records the telephone numbers of all outgoing calls

Answer 49

D

Question 50

Which act was passed as part of the ECPA to address interception of electronic
communications in facilities where electronic communication service is provided?
A) Privacy Protection Act (PPA)
B) Stored Communications Act (SCA)
C) Communications D_ Assistance to Law Enforcement Act (CALEA)
D) Electronic Communications Privacy Act (ECPA)

Answer 50

B) Stored Communications Act (SCA)

Question 51

Which is a component of the Privacy Protection Act (PPA)? Select all that apply.
A) Providing an extra layer of protection for members of the media and media
organizations from government searches or seizures
B) Prohibiting government officials engaged in criminal investigations from searches or seizures of media work products or documentary materials
C) Applies to government officers or employees at all levels of government

Answer 51

All of them

Question 52

9. True or false? Some Internet services fall within the scope of the Communications
   Assistance to Law Enforcement Act (CALEA).

True
False

Answer 52

True

Question 53

What are the two parts of the “expectation of privacy test”? Select two.
A) A person has recorded an actual expectation of privacy
B) A person has exhibited an actual expectation of privacy
C) The expectation be one that a judge recognizes as “reasonable”
D) The expectation be one that society is prepared to recognize as “reasonable”

Answer 53

C) The expectation be one that a judge recognizes as “reasonable”
D) The expectation be one that society is prepared to recognize as “reasonable

Question 54

When a customer calls in to a company’s service support line and hears a recorded message that the call may be recorded for quality purposes, this qualifies as a legal exception to which
act prohibiting the wiretapping of telephone calls?
A) Omnibus Crime Control and Safe Streets Act
B) Electronic Communications Privacy Act (ECPA)
C) Stored Communication Act (SCA)
D) Privacy Protection Act (PPA)

Answer 54

A