
The Business Privacy Law Handbook (Artech House Telecommunications) PDF

341 Pages·2008·1.81 MB·English

Preview The Business Privacy Law Handbook (Artech House Telecommunications)

ch00_fm_5024.qxp 3/20/08 2:36 PM Page i

The Business Privacy Law Handbook

For a listing of recent titles in the Artech House Telecommunications Series, please turn to the back of this book.

The Business Privacy Law Handbook
Charles H. Kennedy
artechhouse.com

Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the U.S. Library of Congress.

British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library.

ISBN-13: 978-1-59693-176-3

Cover design by Igor Valdman

© 2008 ARTECH HOUSE, INC.
685 Canton Street
Norwood, MA 02062

All rights reserved. Printed and bound in the United States of America. No part of this book may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permission in writing from the publisher.

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Artech House cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

10 9 8 7 6 5 4 3 2 1

To the memory of Charles H. Kennedy IV and to his daughter, Sarah Clare Kennedy

Contents

Preface
Introduction: A Systematic Approach to U.S. Privacy Law Compliance

PART I Information About Consumers and Customers

CHAPTER 1 Collection and Use of Personal Information on the Internet
  1.1 Should You Have a Privacy Policy? If So, What Should It Say?
  1.2 What Happens If You Violate Your Privacy Policy?
    1.2.1 Federal Regulatory Enforcement
    1.2.2 State Actions
    1.2.3 Private Actions—The Airlines Litigation and Other Lawsuits
  1.3 Collecting Information from Children: The Children’s Online Privacy Protection Act
    1.3.1 Is My Web Site Subject to COPPA?
    1.3.2 How Do Web Sites Comply with COPPA?
    1.3.3 COPPA Enforcement Proceedings
  Notes

CHAPTER 2 Data Protection: The Evolving Obligation of Business to Protect Personal Information
  2.1 The FTC’s Data Security Standard
    2.1.1 The Content of the FTC’s Data Security Standard
    2.1.2 How to Comply with the FTC Standard
  2.2 State Enforcement Actions
  2.3 State Secure Disposal Laws
  2.4 Comprehensive State Data Security Protection Laws
    2.4.1 The State Information Security Laws Apply to a Wide Range of Information and Media
    2.4.2 The State Laws Protect Information at All Stages of Its Life Cycle
  2.5 The States’ Data Security Breach Notification Laws
  2.6 Private Negligence Actions
  2.7 A Data Security Assessment Proposal for Icarus Hang Gliders, Inc.
    2.7.1 Asset Valuation and Classification
    2.7.2 Risk Identification
    2.7.3 Data Security Evaluation
    2.7.4 Risk Management
  Notes

CHAPTER 3 If Your Organization Is a Financial Institution: The Gramm-Leach-Bliley Act and Other Financial Privacy Legislation
  3.1 The Gramm-Leach-Bliley Financial Modernization Act of 1999
    3.1.1 Financial Institutions and Activities Subject to the GLBA
    3.1.2 Protecting Privacy Under the GLBA
  3.2 The Right to Financial Privacy Act
  3.3 The Fair Credit Reporting Act
    3.3.1 Reporting Agencies May Furnish Reports Only as Permitted by FCRA
    3.3.2 Reporting Agencies Must Maintain Accuracy of Information
    3.3.3 Reporting Agencies Must Police Users
    3.3.4 Reporting Agencies Must Permit Consumers to Review Consumer Report Information
    3.3.5 Reporting Agencies and Users Must Observe Rules Concerning Investigative Consumer Reports
    3.3.6 Reporting Agencies Must Delete Obsolete Information
    3.3.7 Reporting Agencies May Not Report Medical Information Without Consumer Consent
    3.3.8 Users Must Comply with FCRA
    3.3.9 FACTA Amendments
    3.3.10 FCRA Enforcement
    3.3.11 State Regulation of Credit Reporting
  3.4 Section 326 of the USA PATRIOT Act
  3.5 Electronic Funds Transfer Act
  3.6 State Financial Privacy Statutes
  Notes

CHAPTER 4 If Your Organization is an Electronic Communication Service Provider: The Electronic Communications Privacy Act and Stored Communications Act
  4.1 Disclosing Customer Information
    4.1.1 Disclosing the Contents of Communications
    4.1.2 Disclosing Basic Subscriber Information
    4.1.3 Disclosing Records or Other Information Pertaining to a Customer or Subscriber
  4.2 Disclosure of Customer Records Under the First Amendment
  4.3 Disclosure in Circumstances That May Violate Foreign Law
  Notes

CHAPTER 5 If Your Organization Is a Provider of Health Care, Health Insurance, or Related Services
  5.1 HIPAA
    5.1.1 Entities Covered by HIPAA
    5.1.2 Information Protected by HIPAA
    5.1.3 When PHI May Be Disclosed
    5.1.4 The “Minimum Necessary” Principle
    5.1.5 Rights of Notice, Access, and Amendment
    5.1.6 Rights of Disclosure Accounting, Restriction, and Confidentiality
    5.1.7 Covered Entity Compliance Measures
    5.1.8 HIPAA Data Security Obligations
  5.2 State Medical Privacy Statutes
  Notes

CHAPTER 6 Doing Business in—or with—Europe: The European Union Data Protection Directive
  Notes

PART II Information About Job Applicants and Employees

CHAPTER 7 The Hiring Process
  7.1 The Americans with Disabilities Act
  7.2 Fair Credit Reporting Act
  7.3 State Laws Restricting Employer Use of Credit Reports
  7.4 Laws Restricting Use of Criminal Records
  7.5 Requesting and Giving References
  7.6 Other Restrictions on Pre-Employment Screening
  Notes

CHAPTER 8 Internal Investigations and Other Aspects of the Employment Relationship
  8.1 Internal Investigations
    8.1.1 Workplace Searches
    8.1.2 Labor Law Considerations in Internal Investigations

Description:
This authoritative handbook serves as a one-stop guide to understanding and complying with the complex, evolving world of corporate privacy law. Written in clear, non-technical language, the book breaks the privacy compliance universe into manageable parts. Professionals and students find guidance o