Misc Items Flashcards

Flashcards in Misc Items Deck (24)
1

Cable Communications Privacy Act of 1984

CCPA: regulates the notice that cable TV providers must give subscribers, once at the start of service and annually thereafter.

Subscribers can request to opt out, but the exceptions are:
- legit business activities
- court order
- Name and address only

FCC, FTC

2

Communications Assistance to Law Enforcement Act of 1994

CALEA, Digital Telephony Bill.
- requires communications companies to design products to allow for lawful government access (wiretaps, etc.)

As of 2005, includes internet.

FCC, FTC

3

CAN-SPAM Consent to Share Requirements

"Express Prior Authorization": must be an affirmative OK, like a checkbox or button. It can be written, oral, or digital, but there must be a record of it.

4

CAN-SPAM email requirements

- No false or misleading headers
- clear, working return email address
- clear opt-out without cost
- don't send to those who have unsubscribed (10-day grace period)
- no aggravated actions, like address harvesting
- pornographic content must have a warning label

Now covers texts, too

5

Cybersecurity Information Sharing Act of 2015

CISA: the federal government can share unclassified, technical data with companies about attacks/breaches, as well as how to defend against them.

No consent needed. PI must be removed.

DHS, DOJ

6

Electronic Communications Privacy Act of 1986

Collective name for the ECPA and the Stored Wire and Electronic Communications Act, which updated the Federal Wiretap Act.

Protects communications when made, in transit, and stored on computers.

Only one party (provider exception) needs to consent to share.

7

Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment, and Rehab Act of 1970

Must have written patient consent to share these types of medical records. Covers any program receiving federal funding.

Exceptions:
- medical emergency
- research
- audits, evaluations
- crimes on premises
- child abuse
- court order
- for the organization to provide services

Often in parallel with HIPAA.

AG.

8

FERPA vs. HIPAA

HIPAA doesn't cover a school if FERPA covers it. This is generally a publicly funded school with a nurse on staff.

FERPA does NOT apply to private schools, so HIPAA would cover them.

College health centers treating only students = FERPA
College health centers treating students and staff = FERPA for students, HIPAA for staff

9

5th Amendment

No self-incrimination, which is often interpreted to mean you have a right to privacy in some situations.

10

GINA- what agencies enforce it?

EEOC - Title II (employment discrimination)
DOL, HHS, Treasury: Title I (genetic info in health insurance)

11

Junk Fax Prevention Act

Created the EBR (established business relationship) exception in the TCPA. Faxes must have a clear opt-out.

FTC, FCC, TCPA

12

21st Century Cures Act of 2016

It's OK to give researchers health data to "expedite research."
Provisions:
- OK to view data remotely in compliance with HIPAA
- must have certificates of confidentiality
- can't block pharma's access to the data
- no personal info

FDA

13

PATRIOT ACT, Section 215

"Library Records" provision and "Tangible Things" provision: allows the FBI director to apply for an order to produce materials that assist in investigations against terrorism.
- things like books, papers, records

Only FISA and magistrate judges can grant it. Does NOT need to say why it was granted!

14

USA FREEDOM Act of 2015

Modified Patriot Act:
- puts some restrictions on bulk collection, following Snowden
- restored roving wiretaps for terrorist tracking

15

Privacy Protection Act of 1980

PPA: gives the media extra protection from government searches in criminal investigations.

Based on the 1978 case Zurcher v. Stanford Daily, where police used a warrant to look through unpublished photos of a demonstration to find a suspect. The Supreme Court said this was OK as long as there was a strong case that evidence would be found. Still requires a warrant or subpoena.

16

Binding Corporate Rules (BCRs)

Internal rules for data transfers within multinational companies, like a code of conduct for transfer.

17

Standard Contractual Clauses (SCCs)

Established by the EU to cover data transfers outside of the EU:
- 2 for controller to controller
- 1 for controller to processor

18

4 Types of Privacy

Info (PII, etc)
Communications (mail, phone, email)
Bodily (drug testing, health testing, search, etc)
Territorial (home, work, monitoring, etc)

19

Data Controller vs. Processor

Per GDPR:

- Controller: determines the purpose and means for processing PI

- Processor: processes data on behalf of the controller.

Under GDPR, the controller must make sure the processor takes appropriate security measures.

20

Is an IP address personal data?

In the EU, yes. In the US, under the Privacy Act, no, but the FTC considers it PI if breached.

21

Info Management: Discover, Build, Communicate, Evolve

Discover: identify the issue, self-assess, and determine best practice

Build: Make procedures, verify, and implement

Communicate: document and educate

Evolve: affirm, monitor, and adapt

22

What laws DO NOT preempt stricter state law?

GLBA
TSR / TCPA
VPPA (except CA)
ECPA (except in DE and CT)
PPA
RFPA
HIPAA
SAMHSA

23

What laws allow for Private Right of Action?

CCPA
VPPA
FCRA
ECPA
CA SB 1386

24

What laws do NOT allow for private right of action?

GLBA
COPPA
CAN-SPAM
GINA