1	Kids, Cash and Kidneys… Privacy and Laws Parry Aftab, Esq. The Privacy Lawyer privacylawyer.com
2	Privacy and US Laws Americans see privacy differently from others around the world Americans trust commercial entities with information they don’t want the government to have Europeans and Asians tend to trust the government, not private enterprises with their personal information
3	U.S. Privacy Regulatory Framework US Constitution (privacy is a “penumbra” that is implied within the Bill of Rights) State Constitutions Federal statutory schemes State statutory schemes Regulated industry and best practice standards State common law Consumer protection agency fraud oversight Contractual schemes (TRUSTe, BBBonline, confidentiality agreements, Internet use policies, etc.)
4	US Privacy Laws US privacy laws have changed dramatically post Sept 11^th Most privacy laws deal with special information or protected groups: Kids (children’s privacy) Cash (financial privacy) Kidneys (health privacy…I couldn’t come up with another “K” sound J) Until the advent of the ‘Net, most people didn’t look to laws for privacy protection Since data security is more apparent online, it has now raised offline concerns as well
5	The Most Powerful Federal Privacy Laws Fair Credit Reporting Act Privacy Act Family Educational Rights and Privacy Act Right to Financial Privacy Act Privacy Protection Act Electronic Communications Privacy Act Video Privacy Protection Act Employee Polygraph Protection Act Telephone Consumer Protection Act Health Insurance Portability and Accountability Act Driver's Privacy Protection Act Identity Theft and Assumption Deterrence Act Gramm-Leach-Bliley Act (Title V) Children's Online Privacy Protection Act
6	Additional Laws that Impact Privacy Computer Fraud and Abuse Act (criminalizes hacking and break-ins) The Federal Trade Act (has general anti-fraud and safety authority) Cable Communications Policy Act (protects subscribers from having their private information shared) Telecommunications Act of 1996 (protects subscribers from unauthorized use of their personal information) The Foreign Intelligence Surveillance Act of 1978 (permitting surveillance without a court order) The Patriot Act (which alters many of the foregoing) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001
7	Juggling Information and Trust Tension between marketing and trust The commercial value of information The high cost of preserving data The high cost of converting archival data The lowest or highest common denominator ? The value of data protection to customers Monitoring the workforce vs. trusting them Managing security and access
8	Most US privacy laws focus on transfer of information From a governmental agency to other governmental agencies From the government to the private sector From the private sector to the government From an employer to any third party From one company to another From a health care provider to an employer or any third party From one entity to its successor following a corporate merger or sale of assets
9	Essentially four factors are involved Disclosure or notice Who are you? What are you doing? Consent Opt-in Opt-out Offline verifiable consent Security How secure is the data you are storing? Verification, access or control over the data Can you change your consent? Or view and correct information or have it removed?
10	Trust and Workplace Privacy Privacy may be established by law But in the US it mostly involves trust ECPA, HIPPA and FCRA all apply in the workplace Unionized workers have special protection But most workplace privacy issues are contractual, not statutory Electronic use policies
11	Setting Policies What would you protect? Why? How? What would you collect? Why and how? Creating awareness among the customer bases/consumers Creating accountability
12	Perform an Audit Review your practices Do you do business online or have a website? Do your employees use the Internet? Do you have off-shore employees? Do you do business directly with consumers? Are they located off-shore? Are you in a regulated industry or an industry dealing with “kids, cash or kidneys”? Visit aftab.com for updated audit checklists or e-mail parry@aftab.com to join our mailing list. (Your privacy is protected J )