Structure and Enforcement of US Law Flashcards

You may prefer our related Brainscape-certified flashcards:
1
Q

What are the sources of U.S. law?

A
  1. Constitutions
  2. Legislation
  3. Regulations and Rules
  4. Case Law
  5. Common Law
  6. Contract Law
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Is the right to privacy explicit in the U.S. Constitution.

A

No, the word “privacy” is not in the U.S. constitution. However, some parts directly affect privacy such as the 4th Amendment which limits gov searches. Amendments 3, 5, 9, and 14 also provide privacy protections to Americans. State constitutions may create stronger rights than those found in the U.S. constitution. For example, CA state constitution expressly recognizes a right to privacy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is legislation?

A

Laws passed by Congress or state legislatures. State legislation may be stricter than national legislation, and vice versa

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are Regulations and Rules?

A

Regulatory agencies, such as the Federal Trade Commission and Federal Communications Commission, issue regulations and rules that place compliance expectations on industries, such as marketing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is Case Law?

A

Final decisions made by judges in court cases. When similar issues arise in the future, judges may look to past decisions as precedent and decide the case in a manner consistent with past decisions - “stare decisis”, but precedents change

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is Common Law?

A

legal principles that have developed over time through judicial decisions and contrast with statutory laws. Draw from social customs and expectations. EX) doctor-patient and attorney-client confidentiality

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is a Consent Decree?

A

Consent decrees are agreements or settlements that resolve a dispute between a regulator and a private party without admission of guilt or liability. Through a legal document approved by a judge, the defendant may have to take specific action, such as agreeing to stop the alleged illegal activity or pay money to the government and agree to not violate the relevant law in the future.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the fundamental requirements for forming a binding contract?

A
  1. Offer
  2. Acceptance
  3. Consideration
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is an Offer?

A

Proposed language to enter into a bargain. It must be communicated to another person and remain open until it is accepted, rejected, retracted or has expired. A counteroffer ends the original offer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is Acceptance?

A

The assent or agreement by the receiver of the offer that the offer was accepted. Acceptance must be communicated to the offeror.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is Consideration?

A

Is the bargain-for exchange. Legal benefit received by one person and the legal detriment imposed to the other. Consideration usually takes the form of money, property, or services.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is Tort Law?

A

Are civil wrongs recognized by the law as the grounds for lawsuits. These wrongs result in an injury or harm that constitutes the basis for a claim.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the 3 general tort categories?

A
  1. Intentional Torts - when a defendant knew or should have known that their action or inaction would cause harm.
  2. Negligent Torts - when a defendant’s actions were unreasonably careless or unsafe.
  3. Strict Liability - when a defendant has legal responsibility for damages or injury even if they are not negligent or at fault, as in product liability
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is a Person?

A

Any entity with legal rights, including an individual or a corporation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the meaning of Jurisdiction?

A

The authority of a court to hear a particular case. The court must have subject matter jurisdiction and personal jurisdiction.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is Preemption?

A

A superior government’s ability to have its laws supersede those of an inferior government.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is “Private Right of Action”?

A

The ability of an individual harmed by a violation of law to file a lawsuit against the violator.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What is the purpose of a Notice?

A
  1. consumer education

2. corporate accountability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What is a Privacy Notice?

A

Often refers to external communications, issued to consumers, customers, or users.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What is a Privacy Policy?

A

Often refers to internal standards used within the organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What is Choice?

A

The ability to specify whether personal information will be collected and/or how it will be used or disclosed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is an “opt in” choice?

A

An affirmative indication of choice based on an express act of the person giving the consent.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is an “opt out” choice?

A

A choice can be implied by the failure of the person to object to the use or disclosure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is Access?

A

The ability to view personal information held by an organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

When must Access and Correction be provided?

A

When the information is used for any type of substantive decision making, such as for credit reports.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Which federal agencies engage in regulatory activities concerning privacy in the private sector?

A
  1. Federal Trade Commission (FTC)
  2. Federal Communications Commission (FCC)
  3. Department of Commerce (DoC)
  4. Department of Health and Human Service (HHS)
  5. Federal Reserve Board (Fed)
  6. Office of Comptroller of the Currency (OCC)
  7. Consumer Financial Protection Bureau (CFPB)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Who enforces privacy at the state level?

A

State attorney generals

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

How do state attorney generals bring enforcement actions?

A

Typically, pursuant to state laws prohibiting unfair and deceptive trade practices.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

What questions should be asked to understand any privacy related law, statute, or regulation?

A
  1. Who is covered by this law?
  2. What types of information (and what uses of information) are covered?
  3. What exactly is required or prohibited?
  4. Who enforces the law?
  5. What happens if I don’t comply?
  6. Why does this law exist?
30
Q

What are the 3 Branches of the U.S. Government? & What is the role of each branch?

A

Executive Branch
Enforces laws
President, Vice President, Cabinet and Federal Agencies

Legislative Branch
Makes laws
Congress (house of representatives and senate)

Judicial Branch
Interprets the law (determines if constitutional)
Federal courts

31
Q

What AMENDMENTS to the United States Constitution have been interpreted to provide privacy protection?

A
3rd Amendment (Soldiers Quartered)
4th Amendment (Search and Seizure)
5th Amendment (Self-Incrimination)
14th Amendment (Due Process)
32
Q

What are the roles and responsibilities of the Federal Communications Commission (FCC)?

A

Places significant compliance regulations on and governs the communications industry, such as television, radio, and telemarketing, and more recently, with online marketing developing such laws as the Telemarketing Sales Rule and Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act).

Along with the FTC, the FCC also enforces privacy laws.

33
Q

What are the roles and responsibilities of the Department of Commerce (DoC)?

A

Leading role in federal privacy policy development
Administers the Privacy Shield Framework between the United States and the EU.
The DOC works along with the FTC on the enforcement of privacy and security standards set by organizations, particularly with those having privacy self-regulatory programs.

34
Q

What are the roles and responsibilities of the Department of Health & Human Services (HHS)?

A

Creates regulations to protect the privacy and security of healthcare information.
Responsible for enforcing HIPAA laws.
The HHS shares rule-making and enforcement power with the FTC for data breaches related to medical records under the Health Information Technology for Economic and Clinical Health (HITECH) Act.

35
Q

What are the roles and responsibilities of the two agencies responsible for regulating the Banking Industry?

A

Federal Reserve Board
Responsible for enforcing provisions of specific federal financial regulatory mandates, such as the Gramm-Leach-Biley Act (or GLBA).
Consumer Financial Protection Bureau An independent bureau under the Federal Reserve, has rule-making authority for laws related to financial privacy and oversees the relationship between consumers and financial product and service providers

Office of the Comptroller of the Currency (OCC)
Independent bureau of the U.S. Department of Treasury.
Regulates and supervises all national and federal banks and savings institutions, including agencies of foreign banks.
Ensures fair access to financial services and compliance with financial privacy laws and regulations.

36
Q

What are the roles and responsibilities of the State Attorney Generals?

A

Chief legal advisor to the state government
State’s chief law enforcement officer. They may take enforcement action on a state’s unfair and deceptive practice law, HIPAA, GLBA, the Telemarketing Sales Rule and violations of breach notification laws

37
Q

What are Self- Regulatory Programs?

A

Organizations monitor privacy through internal privacy practices, frameworks/guidelines, policies and procedures created and monitored by industry groups.
Government agencies, such as the FTC, may be involved in enforcement and adjudication

38
Q

What are Trust Marks?

A

Images or logos of third party seal and certification programs that are displayed on websites to indicate that a business is a member of a professional organization or to show that it has adopted the guidelines of a program and passed a security and privacy test.
Designed to give customers confidence that they can safely engage in e-commerce transactions.

Examples include TrustArc, Norton, the Better Business Bureau, and EU-U.S. Privacy Shield

39
Q

What is Criminal Liability?

Initiated by, burden of proof, remedy, sources of law

A

Court proceedings for criminal prosecution
Initiated by: Government
Burden of Proof: Beyond a Reasonable Doubt
Remedy: Fines, restitution, incarceration or death
Sources of Law: Constitutions, laws and regulations

40
Q

What is Civil Liability?

A

Disputes between individuals or organizations
Plaintiff (Private Party or Government) sues a Defendant to address a wrong
Burden of Proof: Preponderance of evidence
Remedy: Monetary Compensation or Injunctions

41
Q

Federal privacy areas covered by federal agencies.

A

Medical - HHS Office of Civil Rights

Financial - CFPB generally; Federal Reserve and Comptroller of Currency for institutions under their jurisdiction pursuant to GLBA.

Education - ED

Telemarketing and marketing privacy - FCC (with FTC) under TCPA and other statutes.

Workplace privacy - EEOC and others.

42
Q

State Dept role in privacy

A

Negotiating internationally on privacy issues with other countries and multinational groups like OECD.

43
Q

US Dept of Commerce role in privacy?

A

Leading role in policy development and administered Privacy Shield Framework.

44
Q

US Dept of Transportation role in privacy?

A

Enforced privacy shield violations between US and EU for some transportation companies.

FAA, on drone policy.

National Highway Traffic Safety Administration, on connected cars.

45
Q

OMB role in privacy?

A

Interpreting Privacy Act of 1974.

Also issues guidance to agencies and contractors on privacy information security issues, such as data breach disclosure and privacy impact assessments.

46
Q

IRS role in privacy?

A

Subject to privacy rules re. tax records.

Other Dept of Treasury parts involved with financial records issues, including compliance with money laundering rules at the Financial rimes Enforcement Network.

47
Q

Binding Corporate Rules (BCRs)

A

Internal rules for data transfers within multinational companies, like a code of conduct for transfer.

48
Q

Standard Contract Clauses (SCCs)

A

Established by EU to cover data transfer outside of EU:

  • 2 for controller to controller
  • 1 for controller to processor
49
Q

The Federal Trade Commission Act

A

Codified in 15 USC section 45. Section 5(a) of the FTC act empowers the agency to enforce against - “unfair or deceptive acts or practices in or affecting commerce” are hereby declared unlawful.

50
Q

Limits on FTC Authority

A
  1. Applies to commerce, excluding nonprofits

2. Excludes financial institutions

51
Q

FTC Privacy & Enforcement Actions

A

The FTC brings enforcement actions under Section 5 of the FTC Act, which prohibits unfair and deceptive trade practices which holds businesses to fair and transparent privacy and security standards.

52
Q

Consent Decree

A

Formal contract between the government requiring modification of business practices

53
Q

Information Resolution

A

Agreement that the accused company will modify business practices without a formal enforcement action

54
Q

FTC Sunset Policy

A

Sets a 20-year maximum length on consent agreements

55
Q

FTC Enforcement History

A
  • From late 1990s - Chairman Pitofsky approach = “notice and choice”. Enforcement actions based on deception and failure to comply with privacy notice, rather than specific, tangible harm to consumers.
  • From 2001 to 2009, Chairman Muris and Platt-Majors emphasized “harm-based model” for enforcement, i.e. harms due to identity theft, and invoked unfairness.
  • 2009, Chairman Leibowitz, began including requirement of comperhensive privacy program in CDs, and beyond tangible harm.
  • 2009 approach reflected in 2012 White House and FTC reports.
56
Q

Which U.S. statutes provide the FTC with additional enforcement authority over privacy issues?

A

The Children’s Online Privacy Protection Act (COPPA),

the Fair Credit Reporting Act (FCRA),

the Gramm-Leach Bliley Act (GLBA),

the CAN-SPAM Act

57
Q

What does Section 5(a) under the FTC Act prohibit?

A

“Unfair or deceptive acts or practices in or affecting commerce.”

58
Q

What are the primary regulatory authorities that regulate privacy in the U.S.?

A

i. Federal Trade Commission (FTC)
ii. Federal Communications Commission (FCC)
iii. Department of Commerce (DoC)
iv. Department of Health and Human Services (HHS)
v. Banking Regulators

59
Q

What are the primary banking regulators that regulate privacy in the U.S.?

A

i. Federal Reserve Board
ii. Comptroller of the Currency
iii. Consumer Financial Protection Bureau (CFPB)
iv. Federal Deposit Insurance Corporation (FDIC)
v. National Credit Union Administration

60
Q

Consumer Financial Protection Bureau

A

Summary: Regulates how financial institutions handle personal information

Detail: An independent bureau under the Federal Reserve. CFPB has rule marking authority for laws related to financial privacy and oversees the relationship between consumers and financial products and services providers

61
Q

State Attorney General

A

Chief legal advisor to the state government / state’s chief law enforcement officer. Authority to take enforcement action on a state’s unfair and deceptive practice law, HIPAA, GLBA, the Telemarketing Sales Rule, and violations of breach notification laws

62
Q

Self-Regulation Model

A

Organizations that monitor privacy through internal privacy practices, frameworks/guidelines, policies and procedures, created and monitored by industry groups

63
Q

Trust Marks

A

Images or logos of third-party seal and certification programs that are displayed on websites to indicate that it has adopted the guidelines or a program and passed a security and privacy test

64
Q

Criminal Liability

A

Violations of criminal law with charges by the government. Parties that include depriving someone of their liberty.

65
Q

Civil Liability

A

Failure to carry out a legal duty owed to another party. Charges brought to courts by the claimant.

66
Q

Can practices be both unfair and deceptive?

A

Yes.

67
Q

Unfair Trade Practices

A

Commercial conduct that intentionally causes substantial injury, without offsetting benefits, and that consumers cannot reasonably avoid.

68
Q

What are the three requirements to be an unfair trade practice?

A
  1. Must cause or be likely to cause substantial injury
  2. Must not be reasonably avoidable
  3. Must not be outweighed by the benefits
69
Q

Deceptive Trade Practices

A

Corporate entities who mislead or misrepresent products or services to consumers and customers.

70
Q

What are the three requirements to be a deceptive trade practice?

A
  1. Must involve a misleading representation, omission, or practice
  2. Must be analyzed from the perspective of a reasonable consumer
  3. Must be material
71
Q

Who brings forward state enforcement of unfair and/or deceptive trade practices?

A

The State Attorney General

Most states have similar laws to Section 5 of the FTC Act. These laws are commonly known as UDAP statutes. In addition to covering unfair and deceptive practices, some states allow enforcement against unconscionable practices.