Chapter 4 - Privacy
The right of privacy
"the right to be left alone—the most comprehensive of rights, and the right most valued by a free people"
European Union Data Protection Directive
(officially known as Directive 95/46/EC) requires any company doing business within the borders of the countries comprising the European Union (EU) to implement a set of privacy directives on the fair and appropriate use of information.
Briefly describe the concept of the right of privacy and information privacy.
A broad definition of the right of privacy is "the right to be left alone-the most comprehensive of rights, and the right most valued by a free people" (Justice Louis Brandeis, dissenting in Olmstead v. U.S., 1928). Another concept of privacy that is particularly useful in discussing the impact of IT on privacy is the term information privacy, first coined by Roger Clark (Director, Australian Privacy Foundation). Information privacy is the combination of communications privacy (the ability to communicate with others without those communications being monitored by other persons or organizations) and data privacy (the ability to limit access to one's personal data by other individuals and organizations-to be able to exercise a substantial degree of control over that data and its use).
Gramm-Leach-Bliley Act of 1999
Also known as the Financial Services Modernization Act of 1999, was a bank deregulation law that repealed a Depression-era law known as Glass-Steagall.
Which act included strong privacy provisions for electronic health records and bans the sale of health information, promotes the use of audit trails and encryption, and provides rights of access for patients?
American Recovery and Reinvestment Act
Under which act did the Federal Communications Commission respond to appeals from the Department of Justice by requiring providers of Internet phone services and broadband services to ensure that their equipment accommodated the use of law enforcement wiretaps?
Communications Assistance for Law Enforcement Act
What is the discovery process and how does e-discovery fit into this process?
Discovery is the pretrial phase of a lawsuit in which each party can obtain evidence from the other party by various means, including requests for the production of documents. The purpose of discovery is to ensure that all parties will go to trial with as much knowledge as possible. Under the rules of discovery, neither party is able to keep secrets from the other. Should a discovery request be objected to, the requesting party may file a motion to compel discovery with the court. Electronic discovery (e-discovery) is the collection, preparation, review, and production of electronically stored information for use in criminal and civil actions and proceedings.
Which of the following acts restricted the government's ability to intercept electronic communications such as email, fax, and text messages?
ECPA
Title I of which of the following acts extends the protections offered under the Wiretap Act to electronic communications, such as fax and messages sent over the Internet?
Electronic Communications Privacy Act
Which act prohibits unauthorized access to stored wire and electronic communications, such as the contents of email inboxes, instant messages, message boards, and social networking sites?
Electronic Communications Privacy Act
Which act bars the export of data to countries that do not have data privacy protection standards comparable to those of its member countries?
European Union Data Protection Directive
Which act outlines who may access a user's credit information, how users can find out what is in their file, how to dispute inaccurate data, and how long data is retained?
Fair Credit Reporting Act
Which act allows consumers to request and obtain a free credit report each year from each of the three primary credit reporting companies?
Fair and Accurate Credit Transactions Act
A National Security Letter is subject to judicial review and oversight. (True or False)
False
A pen register is a device that records the originating number of incoming calls for a particular phone number. (True or False)
False
American citizens are protected by the Fourth Amendment even when there is no reasonable expectation of privacy. (True or False)
False
The Privacy Act of 1974 extends to the actions of the CIA, U.S. law enforcement agencies, and the private industry. (True or False)
False
The U.S. has a single, overarching national data privacy policy. (True or False)
False
The USA PATRIOT Act grants citizens the right to access certain information and records of federal, state, and local governments upon request. (True or False)
False
The rights assigned to parents by the Family Educational Rights and Privacy Act transfer to the student once the student reaches the age of 21. (True or False)
False
There is virtually no way to limit the deposit of cookies on a user's hard drive. (True or False)
False
Under the Right to Financial Privacy Act, a financial institution can release a customer's financial records without the customer's authorization as long as it is a government authority that is seeking the records. (True or False)
False
Which act presumes that a student's records are private and not available to the public without the consent of the student?
Family Educational Rights and Privacy Act
In Doe v. Holder, the courts ruled that the NSL gag provision violates which of the following?
First Amendment
transborder data flow
For some organizations and some countries, a key issue is the flow of personal data across national boundaries
In 2008, which act granted expanded authority to collect, without court-approved warrants, international communications as they flow through U.S. telecom network equipment and facilities?
Foreign Intelligence Surveillance Act Amendments Act
Which act protects citizens from unreasonable government searches and is often invoked to protect the privacy of government employees?
Fourth Amendment
Which act enables the public to gain access to certain government records?
Freedom of Information Act
Which act requires that financial institutions must provide a privacy notice to each consumer that explains what data about the consumer is gathered, with whom that data is shared, how the data is used, and how the data is protected?
Gramm-Leach-Bliley Act
Which of the following is an act that repealed a depression-era law known as Glass-Steagall?
Gramm-Leach-Bliley Act
Which act prohibits the government from concealing the existence of any personal data record-keeping systems?
Privacy Act
Which of the following rules requires each financial institution to document a data security plan describing the company's preparation and plans for the ongoing protection of clients' personal data?
Safeguards Rule
Bill of Rights
Ten of these proposed amendments were ultimately ratified and became known as
Although the Constitution does not contain the word privacy, the U.S. Supreme Court has ruled that the concept of privacy is protected by which of the following?
The Bill of Rights
The Fourth Amendment
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Electronic discovery is the collection, preparation, review, and production of electronically stored information for use in criminal and civil actions and proceedings. (True or False)
True
Electronically stored information includes any form of digital information stored on any form of electronic storage device. (True or False)
True
Information privacy is the combination of communications privacy and data privacy. (True or False)
True
The European Union Data Protection Directive requires member countries to ensure that data transferred to non-European Union countries is protected. (True or False)
True
The Foreign Intelligence Surveillance Act describes procedures for the electronic surveillance of communications between foreign powers and the agents of foreign powers. (True or False)
True
The Gramm-Leach-Bliley Act includes three key rules that affect personal privacy: financial privacy rule, safeguards rule, and pretexting rule. (True or False)
True
The Health Insurance Portability and Accountability Act requires healthcare organizations to employ standardized electronic transactions, codes, and identifiers to enable them to fully digitize medical records thus making it possible to exchange medical records over the Internet. (True or False)
True
The cost of a data breach can be quite expensive, by some estimates nearly $200 for each record lost. (True or False)
True
The use of cookies and tracking software is controversial because companies can collect information about consumers without their explicit permission. (True or False)
True
The use of information technology in business requires balancing the needs of those who use the information that is collected against the rights and desires of the people whose information is being used. (True or False)
True
Through the use of cookies, a Web site is able to identify visitors on subsequent visits. (True or False)
True
Under the USA PATRIOT Act, the FBI can issue a National Security Letter to compel banks, Internet service providers, and credit reporting companies to turn over information about their customers without a court order simply on the basis that the information is needed for an ongoing investigation. (True or False)
True
Which of the following acts gave sweeping new powers both to domestic law enforcement and international intelligence agencies, including increasing the ability of law enforcement agencies to search telephone, email, medical, financial, and other records?
USA PATRIOT Act
pen register
a device that records electronic impulses to identify the numbers dialed for outgoing calls
trap or trace
a device that records the originating number of incoming calls for a particular phone number
A vehicle event data recorder (EDR) is a device that records vehicle and occupant data for a few seconds before, during, and after any vehicle crash that is severe enough to deploy the vehicle's air bags. a. True b. False
a. True
The Constitution does not contain the word privacy, but the Supreme Court has ruled that the concept of privacy is protected by the Bill of Rights. a. True b. False
a. True
The Foreign Intelligence Surveillance Act:
allows surveillance, without court order, within the United States for up to a year unless the "surveillance will acquire the contents of any communication to which a U.S. person is a party."
Children's Online Privacy Protection Act (COPPA)
any website that caters to children must offer comprehensive privacy policies, notify parents or guardians about its data collection practices, and receive parental consent before collecting any personal information from children under 13 years of age.
Online marketers can capture personal information, such as names, addresses, and Social Security numbers without requiring consent. a. True b. False
b. False
Title III of the Wiretap Act allows state and federal law enforcement officials to use wiretapping without requiring them to obtain warrants. a. True b. False
b. False
In the context of tenets of the European Union Data Protection Directive, which of the following terms refers to an individual's right to challenge the accuracy of the data and provide the corrected data?
correction
The Organisation for Economic Co-operation and Development's requirement that personal data collected should be accurate, complete, current, and relevant to the purpose for which it is used is based on which principle?
data quality
Electronics Privacy Communications
deals with three main issues: (1) the protection of communications while in transfer from sender to receiver; (2) the protection of communications held in electronic storage; and (3) the prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant.
Foreign Intelligence Surveillance Act (FISA)
describes procedures for the electronic surveillance and collection of foreign intelligence information in communications between foreign powers and the agents of foreign powers.
The Children's Online Privacy Protection Act:
does not cover the dissemination of information to children
In the context of tenets of The European Union Data Protection Directive, which of the following terms refers to an individual's right to seek legal relief through appropriate channels to protect privacy rights?
enforcement
The Privacy Act
establishes a code of fair information practices that sets rules for the collection, maintenance, use, and dissemination of personal data that is kept in systems of records by federal agencies.
One purpose of which of the following is to capture and record data that can be used by the manufacturer to make future changes to improve vehicle performance in the case of a crash?
event data recorder
Discovery is part of the pretrial phase of a lawsuit in which each party can obtain which of the following from the other party by various means?
evidence
Established in 1980, The Organisation for Economic Co-operation and Development's created which of the following, which are often held up as the model of ethical treatment of consumer data?
fair information practices
PATRIOT Sunsets Extension Act of 2011
granted a four-year extension of two key provisions in the USA PATRIOT Act that allowed roving wiretaps and searches of business records.
Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008
granting NSA expanded authority to collect, without court-approved warrants, international communications as they flow through U.S. telecommunications network equipment and facilities.
Freedom of Information Act (FOIA)
grants citizens the right to access certain information and records of federal, state, and local governments upon request. FOIA is a powerful tool that enables journalists and the public to acquire information that the government is reluctant to release.
Electronically stored information (ESI)
includes any form of digital information, including emails, drawings, graphs, web pages, photographs, word-processing files, sound recordings, and databases stored on any form of magnetic storage device, including hard drives, CDs, and flash drives.
vehicle event data recorder (EDR)
is a device that records vehicle and occupant data for a few seconds before, during, and after any vehicle crash that is severe enough to deploy the vehicle's air bags
Family Educational Rights and Privacy Act (FERPA)
is a federal law that assigns certain rights to parents regarding their children's educational records. These rights transfer to the student once the student reaches the age of 18, or earlier, if he or she attends a school beyond the high school level
Predictive coding
is a process that couples human guidance with computer-driven concept searching in order to "train" document review software to recognize relevant documents within a document universe.
Fair Information Practices
is a term for a set of guidelines that govern the collection and use of personal data.
The American Recovery and Reinvestment Act
is a wide-ranging act passed in 2009 that authorized $787 billion in spending and tax cuts over a 10-year period.
U.S. person
is defined as a U.S. citizen, permanent resident, or company.
Cyberloafing
is defined as using the Internet for purposes unrelated to work such as posting to Facebook, sending personal emails or Instant messages, or shopping online
Foreign intelligence
is information relating to the capabilities, intentions, or activities of foreign governments or agents of foreign governments or foreign organizations.
Electronic discovery (e-discovery)
is the collection, preparation, review, and production of electronically stored information for use in criminal and civil actions and proceedings.
Information privacy
is the combination of communications privacy (the ability to communicate with others without those communications being monitored by other persons or organizations) and data privacy (the ability to limit access to one's personal data by other individuals and organizations in order to exercise a substantial degree of control over that data and their use)
Identity theft
is the theft of personal information, which is then used without the owner's permission.
data breach
is the unintended release of sensitive data or the access of sensitive data (e.g., credit card numbers, health insurance member IDs, and Social Security numbers) by unauthorized individuals
The Right of Financial Privacy Act
protects the records of financial institution customers from unauthorized scrutiny by the federal government.
The Wiretap Act
regulates the interception of wire (telephone) and oral communications
The Fair Credit Reporting Act
regulates the operations of credit reporting bureaus, including how they collect, store, and use credit information.
cookies
text files that can be downloaded to the hard drives of users who visit a website, so that the website is able to identify visitors on subsequent visits.
litigation hold notice
that informs its employees (or employees or officers of the opposing party) to save relevant data and to suspend data that might be due to be destroyed based on normal data-retention rules.
National Security Letter (NSL)
to an Internet service provider to provide various data and records about a service subscriber
opt out
to refuse to give the institution the right to collect and share personal data with unaffiliated parties.
A device that records the originating number of incoming calls for a particular phone number is known as which of the following?
trap and trace
stalking app
vehicle event data recorder (EDR)
Health Insurance Portability and Accountability Act (HIPAA)
was designed to improve the portability and continuity of health insurance coverage; to reduce fraud, waste, and abuse in health insurance and healthcare delivery; and to simplify the administration of health insurance
Communications Assistance for Law Enforcement Act (CALEA)
was passed by Congress in 1994 and amended both the Wiretap Act and ECPA.
USA Freedom Act
was passed following startling revelations by Edward Snowden (a former government contractor who copied and leaked classified information from the NSA in 2013 without authorization) of secret NSA surveillance programs.
Fair and Accurate Credit Transactions Act
was passed in 2003 as an amendment to the Fair Credit Reporting Act, and it allows consumers to request and obtain a free credit report once each year from each of the three primary consumer credit reporting companies (Equifax, Experian, and TransUnion).
USA Patriot Act (2001)
was passed just five weeks after the terrorist attacks of September 11, 2001.
FISA court
which meets in secret to hear applications for orders approving electronic surveillance anywhere within the United States.
NSL gag provision
which prohibits NSL recipients from informing anyone, even the person who is the subject of the NSL request, that the government has secretly requested his or her records violates the First Amendment.
In the context of the Fourth Amendment, the courts have ruled that:
without a reasonable expectation of privacy, there is no privacy right
The Health Insurance Portability and Accountability Act requires healthcare providers to obtain which of the following from patients prior to disclosing any information in their medical records?
written consent