Module 4: Privacy

Question 1

How is the right of privacy defined?

Answer 1

The right of privacy is “the right to be left alone-the most comprehensive of rights, and the right most valued by a free people”

Question 2

What are the two main components of information privacy?

Answer 2

Information privacy is the combination of communications privacy (the ability to communicate with others without those communications being monitored by other persons or organizations) and data privacy (the ability to limit access to one’s personal data by other individuals and organizations in order to exercise a substantial degree of control over that data and its use).

Question 3

Why is balancing the use of information technology and personal privacy important in business?

Answer 3

The us of information technology in business requires balancing the needs of those who use the information that is collected against the rights and desires of the people whose information is being used. A combination of approaches-new laws, technical solutions, and privacy policies-required to balance the scales.

Question 4

What does the Fourth Amendment state regarding privacy?

Answer 4

The Fourth AMendment reads, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issu, but upon probably cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” The courts have ruled that without a reasonable expectation of privacy, there is no privacy right to protect.

Question 5

What additional privacy protections do people seek today beyond protection from the government intrusion?

Answer 5

Today, in addition to protection from the government intrusion, people want and need privacy protection from private industry. For many, the existing hodgepodge of privacy laws and practices fails to provide adequate protection and fuels a sense of distrust and skepticism, and concerns over identity theft.

Question 6

How does the Fair Credit Reporting Act protect privacy?

Answer 6

The Fair Credit Reporting Act regulates the operations of credit reporting bureaus to ensure the accuracy and privacy of consumer credit information.

Question 7

What protections does the Right to Financial Privacy Act offer?

Answer 7

The Right to Financial Privacy Act protects the financial records of financial institution customers from unauthorized scrutiny by the federal government.

Question 8

What are the main provisions of the Gramm-Leach-Bliley Act (GLBA)?

Answer 8

The GLBA established mandatory guidelines for the collection and disclosure of personal financial information by financial institutions, requires them to document their data security plans, and encourages safeguards against pretexting.

Question 9

How does the Fair and Accurate Credit Transactions Act benefit consumers?

Answer 9

The Fair and Accurate Credit Transactions Act allows consumers to request and obtain a free credit report each year from each of the three consumer credit reporting agencies.

Question 10

What standards did HIPAA establish regarding health information?

Answer 10

HIPAA defined numerous standards to improve the portability and continuity of health insurance coverage, reduce fraud, waste, and abuse in health insurance care and healthcare delivery, and simplify the administration of health insurance.

Question 11

What privacy provisions were included in the American Recovery and Reinvestment Act for EHRs?

Answer 11

The American Recovery and Reinvestment Act included strong privacy provisions for electronic health records (EHRs), such as banning the sale of health information, promoting the use of audit trails and encryption, and providing rights of access for patients.

Question 12

What rights does the Family Educational Rights and Privacy Act (FERPA) provide to students and parents?

Answer 12

FERPA provides students and their parents with specific rights regarding the release and access of student records.

Question 13

What requirements does the Children’s Online Privacy Protection Act (COPPA) impose on websites catering to children?

Answer 13

COPPA requires websites that cater to children to offer comprehensive privacy policies, notify parents or guardians about their data collection practices, and receive parental consent before collecting personal information from children under 13.

Question 14

How does the Wiretap Act regulate the interception of communications?

Answer 14

The Wiretap Act (Title III of the Omnibus Crime Control and Safe Streets Act) regulates the interception of wire (telephone) and oral communications.

Question 15

What does the Foreign Intelligence Surveillance Act (FISA) regulate?

Answer 15

FISA describes procedures for the electronic surveillance and collection of foreign intelligence information between foreign powers and agents of foreign powers.

Question 16

What is Executive Order 12333 and what does it allow?

Answer 16

Executive Order 12333 identifies government intelligence-gathering agencies and defines the information they can collect, retain, and disseminate, allowing for the tangential collection of U.S. citizen data even when not specifically targeted.

Question 17

What protections does the Electronic Communications Privacy Act (ECPA) provide?

Answer 17

The ECPA deals with the protection of communications while in transit from sender to receiver, protection of communications held in electronic storage, and the prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant.

Question 18

What are the requirements of the Communications Assistance for Law Enforcement Act (CALEA)?

Answer 18

CALEA requires the telecommunications industry to build tools into its products that federal investigators can use, after gaining a court order, to eavesdrop on conversations and intercept electronic communications.

Question 19

What powers did the USA PATRIOT Act grant law enforcement and intelligence agencies?

Answer 19

The USA PATRIOT Act gave sweeping new powers to law enforcement and intelligence agencies, including increased ability to eavesdrop on telephone communication, intercept email messages, and search medical, financial, and other records, while easing restrictions on foreign intelligence gathering in the U.S.

Question 20

What does the Foreign Intelligence Surveillance Act Amendments Act of 2004 authorize?

Answer 20

It authorized intelligence gathering on individuals not affiliated with any known terrorist organization (lone wolves).

Question 21

What authority was granted by the Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008?

Answer 21

It granted the NSA expanded authority to collect, without court-approved warrants, international communications as they flow through U.S. telecommunications equipment and facilities.

Question 22

What extensions were granted by the PATRIOT Sunsets Extension Act?

Answer 22

It granted a four-year extension of provisions of the USA PATRIOT Act that allowed roving wiretaps and searches of business records, and extended authorization for intelligence gathering on lone wolves.

Question 23

What changes did the USA Freedom Act bring?

Answer 23

The USA Freedom Act terminated the bulk collection of telephone metadata by the NSA, requiring telecommunications carriers to hold the data and respond to NSA queries, and restored authorization for roving wiretaps and tracking of lone wolf terrorists.

Question 24

What are “fair information practices”?

Answer 24

Fair information practices are guidelines that govern the collection and use of personal data, developed by various organizations and countries, often including principles such as notice, choice, access, and security.

Question 25

What is the OECD’s role in privacy protection?

Answer 25

The OECD created a set of fair information practices for the protection of privacy and transborder data flows, often held up as a model for organizations to adopt for the ethical treatment of consumer data.

Question 26

What does the European Union Data Protection Directive require?

Answer 26

It requires member countries to ensure data transferred to non-EU countries is protected and bars the export of data to countries without comparable data privacy protection standards. It led to the EU-U.S. Safe Harbor agreement for data processing and storage.

Question 27

What are the European–United States Privacy Shield Data Transfer Program Guidelines?

Answer 27

They are a stop-gap measure allowing businesses to transfer personal data about European citizens to the U.S., established after the European Court of Justice invalidated the Safe Harbor agreement.

Question 28

What is the GDPR and what does it address?

Answer 28

The GDPR addresses the export of personal data outside the EU, enables citizens to see and correct their personal data, standardizes data privacy regulations within the EU, and establishes substantial penalties for guideline violations.

Question 29

What rights does the Freedom of Information Act (FOIA) grant?

Answer 29

The FOIA grants citizens the right to access certain information and records of the federal government upon request.

Question 30

What does the Privacy Act prohibit U.S. government agencies from doing?

Answer 30

The Privacy Act prohibits U.S. government agencies from concealing the existence of any personal data record-keeping system.

Question 31

What methods do companies use to collect personal data about visitors to their websites?

Answer 31

Companies use many different methods to collect personal data about visitors to their websites, including depositing cookies on visitors’ hard drives.

Question 32

Why has consumer data privacy become a major marketing issue for companies?

Answer 32

Consumer data privacy has become a major marketing issue because companies that cannot protect or do not respect customer information have lost business and have become defendants in class actions stemming from privacy violations.

Question 33

What is a data breach, and why is it a significant concern?

Answer 33

A data breach is the unintended release of sensitive data or the access of sensitive data (e.g., credit card numbers, health insurance member IDs, and Social Security numbers) by unauthorized individuals. The increasing number of data breaches is alarming, as is the lack of initiative by some companies in informing the people whose data are stolen.

Question 34

What actions have been taken by some states regarding data breaches?

Answer 34

A number of states have passed data breach notification laws that require companies to notify affected customers on a timely basis.

Question 35

What are the associated ethical issues:

Answer 35

Invasion of Privacy, Data Security, Transparency and Consent, Responsibility in Case of Breaches, Trust and Reputation.

Question 37

What is the discovery process in a lawsuit?

Answer 37

Discovery is part of the pretrial phase of a lawsuit in which each party can obtain evidence from the other party by various means, including requests for the production of documents.

Question 38

What is e-discovery?

Answer 38

E-discovery is the collection, preparation, review, and production of electronically stored information for use in criminal and civil actions and proceedings.

Question 39

What is predictive coding in the context of e-discovery?

Answer 39

Predictive coding is a process that couples human intelligence with computer-driven concept searching in order to “train” document review software to recognize relevant documents within a document universe.

Question 40

Why have organizations developed IT usage policies?

Answer 40

Many organizations have developed IT usage policies to protect against employee abuses that can reduce worker productivity and expose employers to harassment lawsuits.

Question 41

How prevalent is employee monitoring in the U.S.?

Answer 41

About 80 percent of U.S. firms record and review employee communications and activities on the job, including phone calls, email, web surfing, and computer files.

Question 42

What new legal and ethical issues have arisen with the use of fitness trackers in the workplace?

Answer 42

The use of fitness trackers in the workplace has opened up potential new legal and ethical issues, such as privacy concerns and the potential misuse of personal health data.

Question 43

How are surveillance cameras used in major cities, and what are the criticisms?

Answer 43

Surveillance cameras are used in major cities around the world to deter crime and terrorist activities. Critics believe that such security is a violation of civil liberties.

Question 44

What is an Event Data Recorder (EDR), and what are the concerns associated with it?

Answer 44

An EDR is a device that records vehicle and occupant data for a few seconds before, during, and after any vehicle crash that is severe enough to deploy the vehicle’s airbags. The fact that most cars now come equipped with an EDR and that the data from this device may be used as evidence in a court of law is not broadly known by the public.

Question 45

What are stalking apps, and what ethical issues do they present?

Answer 45

Stalking apps can be downloaded onto a person’s cell phone, making it possible to perform location tracking, record calls and conversations, view every text and photograph sent or received, and record the URLs of any website visited on that phone. These apps raise significant ethical issues related to privacy and unauthorized surveillance.