Structure and Enforcement of US Law Flashcards

1
Q

What are the sources of U.S. law?

A
  1. Constitutions
  2. Legislation
  3. Regulations and Rules
  4. Case Law
  5. Common Law
  6. Contract Law
2
Q

Is the right to privacy explicit in the U.S. Constitution?

A

No, the word “privacy” is not in the U.S. Constitution. However, some parts directly affect privacy, such as the 4th Amendment, which limits government searches. Amendments 3, 5, 9, and 14 also provide privacy protections to Americans. State constitutions may create stronger rights than those found in the U.S. Constitution. For example, the California state constitution expressly recognizes a right to privacy.

3
Q

What is legislation?

A

Laws passed by Congress or state legislatures. State legislation may be stricter than national legislation, and vice versa.

4
Q

What are Regulations and Rules?

A

Regulatory agencies, such as the Federal Trade Commission and Federal Communications Commission, issue regulations and rules that place compliance expectations on industries, such as marketing

5
Q

What is Case Law?

A

Final decisions made by judges in court cases. When similar issues arise in the future, judges may look to past decisions as precedent and decide the case in a manner consistent with past decisions - “stare decisis”, but precedents change

6
Q

What is Common Law?

A

Legal principles that have developed over time through judicial decisions, in contrast with statutory laws. They draw from social customs and expectations. Example: doctor-patient and attorney-client confidentiality.

7
Q

What is a Consent Decree?

A

Consent decrees are agreements or settlements that resolve a dispute between a regulator and a private party without admission of guilt or liability. Through a legal document approved by a judge, the defendant may have to take specific action, such as agreeing to stop the alleged illegal activity or pay money to the government and agree to not violate the relevant law in the future.

8
Q

What are the fundamental requirements for forming a binding contract?

A
  1. Offer
  2. Acceptance
  3. Consideration
9
Q

What is an Offer?

A

Proposed language to enter into a bargain. It must be communicated to another person and remain open until it is accepted, rejected, retracted or has expired. A counteroffer ends the original offer.

10
Q

What is Acceptance?

A

The assent or agreement by the receiver of the offer that the offer was accepted. Acceptance must be communicated to the offeror.

11
Q

What is Consideration?

A

The bargained-for exchange: a legal benefit received by one person and a legal detriment imposed on the other. Consideration usually takes the form of money, property, or services.

12
Q

What is Tort Law?

A

Torts are civil wrongs recognized by the law as the grounds for lawsuits. These wrongs result in an injury or harm that constitutes the basis for a claim.

13
Q

What are the 3 general tort categories?

A
  1. Intentional Torts - when a defendant knew or should have known that their action or inaction would cause harm.
  2. Negligent Torts - when a defendant’s actions were unreasonably careless or unsafe.
  3. Strict Liability - when a defendant has legal responsibility for damages or injury even if they are not negligent or at fault, as in product liability
14
Q

What is a Person?

A

Any entity with legal rights, including an individual or a corporation.

15
Q

What is the meaning of Jurisdiction?

A

The authority of a court to hear a particular case. The court must have subject matter jurisdiction and personal jurisdiction.

16
Q

What is Preemption?

A

A superior government’s ability to have its laws supersede those of an inferior government.

17
Q

What is “Private Right of Action”?

A

The ability of an individual harmed by a violation of law to file a lawsuit against the violator.

18
Q

What is the purpose of a Notice?

A
  1. Consumer education
  2. Corporate accountability

19
Q

What is a Privacy Notice?

A

Often refers to external communications, issued to consumers, customers, or users.

20
Q

What is a Privacy Policy?

A

Often refers to internal standards used within the organization.

21
Q

What is Choice?

A

The ability to specify whether personal information will be collected and/or how it will be used or disclosed.

22
Q

What is an “opt in” choice?

A

An affirmative indication of choice based on an express act of the person giving the consent.

23
Q

What is an “opt out” choice?

A

A choice can be implied by the failure of the person to object to the use or disclosure.

24
Q

What is Access?

A

The ability to view personal information held by an organization.

25
Q

When must Access and Correction be provided?

A

When the information is used for any type of substantive decision making, such as for credit reports.

26
Q

Which federal agencies engage in regulatory activities concerning privacy in the private sector?

A
  1. Federal Trade Commission (FTC)
  2. Federal Communications Commission (FCC)
  3. Department of Commerce (DoC)
  4. Department of Health and Human Services (HHS)
  5. Federal Reserve Board (Fed)
  6. Office of Comptroller of the Currency (OCC)
  7. Consumer Financial Protection Bureau (CFPB)
27
Q

Who enforces privacy at the state level?

A

State attorneys general

28
Q

How do state attorneys general bring enforcement actions?

A

Typically, pursuant to state laws prohibiting unfair and deceptive trade practices.

29
Q

What questions should be asked to understand any privacy related law, statute, or regulation?

A
  1. Who is covered by this law?
  2. What types of information (and what uses of information) are covered?
  3. What exactly is required or prohibited?
  4. Who enforces the law?
  5. What happens if I don’t comply?
  6. Why does this law exist?
30
Q

What are the 3 Branches of the U.S. Government? & What is the role of each branch?

A

Executive Branch
Enforces laws
President, Vice President, Cabinet and Federal Agencies

Legislative Branch
Makes laws
Congress (House of Representatives and Senate)

Judicial Branch
Interprets the law (determines if constitutional)
Federal courts

31
Q

What AMENDMENTS to the United States Constitution have been interpreted to provide privacy protection?

A
3rd Amendment (Soldiers Quartered)
4th Amendment (Search and Seizure)
5th Amendment (Self-Incrimination)
14th Amendment (Due Process)
32
Q

What are the roles and responsibilities of the Federal Communications Commission (FCC)?

A

Places significant compliance regulations on and governs the communications industry, such as television, radio, and telemarketing, and more recently, with online marketing developing such laws as the Telemarketing Sales Rule and Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act).

Along with the FTC, the FCC also enforces privacy laws.

33
Q

What are the roles and responsibilities of the Department of Commerce (DoC)?

A

Leading role in federal privacy policy development
Administers the Privacy Shield Framework between the United States and the EU.
The DOC works along with the FTC on the enforcement of privacy and security standards set by organizations, particularly with those having privacy self-regulatory programs.

34
Q

What are the roles and responsibilities of the Department of Health & Human Services (HHS)?

A

Creates regulations to protect the privacy and security of healthcare information.
Responsible for enforcing HIPAA laws.
The HHS shares rule-making and enforcement power with the FTC for data breaches related to medical records under the Health Information Technology for Economic and Clinical Health (HITECH) Act.

35
Q

What are the roles and responsibilities of the two agencies responsible for regulating the Banking Industry?

A

Federal Reserve Board
Responsible for enforcing provisions of specific federal financial regulatory mandates, such as the Gramm-Leach-Bliley Act (or GLBA).
Consumer Financial Protection Bureau: An independent bureau under the Federal Reserve that has rule-making authority for laws related to financial privacy and oversees the relationship between consumers and financial product and service providers.

Office of the Comptroller of the Currency (OCC)
Independent bureau of the U.S. Department of Treasury.
Regulates and supervises all national and federal banks and savings institutions, including agencies of foreign banks.
Ensures fair access to financial services and compliance with financial privacy laws and regulations.

36
Q

What are the roles and responsibilities of the State Attorneys General?

A

Chief legal advisor to the state government
State’s chief law enforcement officer. They may take enforcement action on a state’s unfair and deceptive practice law, HIPAA, GLBA, the Telemarketing Sales Rule and violations of breach notification laws

37
Q

What are Self-Regulatory Programs?

A

Organizations monitor privacy through internal privacy practices, frameworks/guidelines, policies and procedures created and monitored by industry groups.
Government agencies, such as the FTC, may be involved in enforcement and adjudication

38
Q

What are Trust Marks?

A

Images or logos of third party seal and certification programs that are displayed on websites to indicate that a business is a member of a professional organization or to show that it has adopted the guidelines of a program and passed a security and privacy test.
Designed to give customers confidence that they can safely engage in e-commerce transactions.

Examples include TrustArc, Norton, the Better Business Bureau, and EU-U.S. Privacy Shield

39
Q

What is Criminal Liability?

Initiated by, burden of proof, remedy, sources of law

A

Court proceedings for criminal prosecution
Initiated by: Government
Burden of Proof: Beyond a Reasonable Doubt
Remedy: Fines, restitution, incarceration or death
Sources of Law: Constitutions, laws and regulations

40
Q

What is Civil Liability?

A

Disputes between individuals or organizations
Plaintiff (Private Party or Government) sues a Defendant to address a wrong
Burden of Proof: Preponderance of evidence
Remedy: Monetary Compensation or Injunctions

41
Q

Federal privacy areas covered by federal agencies.

A

Medical - HHS Office of Civil Rights

Financial - CFPB generally; Federal Reserve and Comptroller of Currency for institutions under their jurisdiction pursuant to GLBA.

Education - ED

Telemarketing and marketing privacy - FCC (with FTC) under TCPA and other statutes.

Workplace privacy - EEOC and others.

42
Q

State Dept role in privacy

A

Negotiating internationally on privacy issues with other countries and multinational groups like OECD.

43
Q

US Dept of Commerce role in privacy?

A

Leading role in policy development and administered Privacy Shield Framework.

44
Q

US Dept of Transportation role in privacy?

A

Enforced privacy shield violations between US and EU for some transportation companies.

FAA, on drone policy.

National Highway Traffic Safety Administration, on connected cars.

45
Q

OMB role in privacy?

A

Interpreting Privacy Act of 1974.

Also issues guidance to agencies and contractors on privacy information security issues, such as data breach disclosure and privacy impact assessments.

46
Q

IRS role in privacy?

A

Subject to privacy rules re. tax records.

Other Dept of Treasury parts are involved with financial records issues, including compliance with money laundering rules at the Financial Crimes Enforcement Network.

47
Q

Binding Corporate Rules (BCRs)

A

Internal rules for data transfers within multinational companies, like a code of conduct for transfer.

48
Q

Standard Contract Clauses (SCCs)

A

Established by EU to cover data transfer outside of EU:

  • 2 for controller to controller
  • 1 for controller to processor
49
Q

The Federal Trade Commission Act

A

Codified in 15 USC section 45. Section 5(a) of the FTC Act empowers the agency to enforce against “unfair or deceptive acts or practices in or affecting commerce,” which are declared unlawful.

50
Q

Limits on FTC Authority

A
  1. Applies to commerce, excluding nonprofits
  2. Excludes financial institutions

51
Q

FTC Privacy & Enforcement Actions

A

The FTC brings enforcement actions under Section 5 of the FTC Act, which prohibits unfair and deceptive trade practices and holds businesses to fair and transparent privacy and security standards.

52
Q

Consent Decree

A

Formal contract between the government requiring modification of business practices

53
Q

Information Resolution

A

Agreement that the accused company will modify business practices without a formal enforcement action

54
Q

FTC Sunset Policy

A

Sets a 20-year maximum length on consent agreements

55
Q

FTC Enforcement History

A
  • From late 1990s - Chairman Pitofsky approach = “notice and choice”. Enforcement actions based on deception and failure to comply with privacy notice, rather than specific, tangible harm to consumers.
  • From 2001 to 2009, Chairmen Muris and Platt Majoras emphasized a “harm-based model” for enforcement, i.e. harms due to identity theft, and invoked unfairness.
  • 2009, Chairman Leibowitz began including a requirement of a comprehensive privacy program in CDs, and went beyond tangible harm.
  • 2009 approach reflected in 2012 White House and FTC reports.
56
Q

Which U.S. statutes provide the FTC with additional enforcement authority over privacy issues?

A

The Children’s Online Privacy Protection Act (COPPA),

the Fair Credit Reporting Act (FCRA),

the Gramm-Leach-Bliley Act (GLBA),

the CAN-SPAM Act

57
Q

What does Section 5(a) under the FTC Act prohibit?

A

“Unfair or deceptive acts or practices in or affecting commerce.”

58
Q

What are the primary regulatory authorities that regulate privacy in the U.S.?

A

i. Federal Trade Commission (FTC)
ii. Federal Communications Commission (FCC)
iii. Department of Commerce (DoC)
iv. Department of Health and Human Services (HHS)
v. Banking Regulators

59
Q

What are the primary banking regulators that regulate privacy in the U.S.?

A

i. Federal Reserve Board
ii. Comptroller of the Currency
iii. Consumer Financial Protection Bureau (CFPB)
iv. Federal Deposit Insurance Corporation (FDIC)
v. National Credit Union Administration

60
Q

Consumer Financial Protection Bureau

A

Summary: Regulates how financial institutions handle personal information

Detail: An independent bureau under the Federal Reserve. CFPB has rule-making authority for laws related to financial privacy and oversees the relationship between consumers and financial products and services providers.

61
Q

State Attorney General

A

Chief legal advisor to the state government / state’s chief law enforcement officer. Authority to take enforcement action on a state’s unfair and deceptive practice law, HIPAA, GLBA, the Telemarketing Sales Rule, and violations of breach notification laws

62
Q

Self-Regulation Model

A

Organizations that monitor privacy through internal privacy practices, frameworks/guidelines, policies and procedures, created and monitored by industry groups

63
Q

Trust Marks

A

Images or logos of third-party seal and certification programs that are displayed on websites to indicate that it has adopted the guidelines of a program and passed a security and privacy test

64
Q

Criminal Liability

A

Violations of criminal law with charges by the government. Parties that include depriving someone of their liberty.

65
Q

Civil Liability

A

Failure to carry out a legal duty owed to another party. Charges brought to courts by the claimant.

66
Q

Can practices be both unfair and deceptive?

A

Yes.

67
Q

Unfair Trade Practices

A

Commercial conduct that intentionally causes substantial injury, without offsetting benefits, and that consumers cannot reasonably avoid.

68
Q

What are the three requirements to be an unfair trade practice?

A
  1. Must cause or be likely to cause substantial injury
  2. Must not be reasonably avoidable
  3. Must not be outweighed by the benefits
69
Q

Deceptive Trade Practices

A

Corporate entities who mislead or misrepresent products or services to consumers and customers.

70
Q

What are the three requirements to be a deceptive trade practice?

A
  1. Must involve a misleading representation, omission, or practice
  2. Must be analyzed from the perspective of a reasonable consumer
  3. Must be material
71
Q

Who brings forward state enforcement of unfair and/or deceptive trade practices?

A

The State Attorney General

Most states have similar laws to Section 5 of the FTC Act. These laws are commonly known as UDAP statutes. In addition to covering unfair and deceptive practices, some states allow enforcement against unconscionable practices.