Week1: Law & Data Privacy

Question 1

What are the 3 Branches of the U.S. Government? & What is the role of each branch?

Answer 1

Executive Branch
Enforces laws
President, Vice President, Cabinet and Federal Agencies

Legislative Branch
Makes laws
Congress (house of representatives and senate)

Judicial Branch
Interprets the law (determines if constitutional)
Federal courts

Question 2

What are SOURCES of law?

Answer 2

U.S. Constitution 
State Constitutions 
Legislation 
Regulations and Rules
Common Law/Case Law 
Contract Law

Question 3

What is the Supreme Law in the United States?

Answer 3

The U.S. Constitution

Question 4

Where is the word “Privacy” mentioned in the U.S. Constitution?

Answer 4

The word Privacy is NOT mentioned in the U.S. Constitution

Question 5

What is legislation?

Answer 5

Laws passed by federal and state legislatures.

Question 6

What is Common or Case Law?

Answer 6

Final decisions by judges in court cases.

Judges look at precedent (past decisions) to decide how to rule in a new case that is consistent with these past decisions.

Laws/Precedents change, as technological and societal values evolve over time

Question 7

What is required to have an enforceable (legally binding) contract?

Answer 7

Offer (terms of the agreement)

Acceptance (by the person to whom the offer was made), and

Consideration (bargained for exchange (e.g., money, property or services)).

Question 8

Does the U.S. Constitution always override the State Constitution?

Answer 8

No, State Constitutions can create stronger rights than those provided by the U.S. Constitution

Question 9

Do Federal Laws always override State Laws?

Answer 9

No, State Legislation may be stricter than national legislation. Federal law only override less strict state laws.

Question 10

Who issues Regulations and Rules?

Answer 10

Regulations and Rules are issued by regulatory agencies (e.g., FTC and FCC) placing compliance expectations on industries

Question 11

What AMENDMENTS to the United States Constitution have been interpreted to provide privacy protection?

Answer 11

3rd Amendment (Soldiers Quartered)
4th Amendment (Search and Seizure)
5th Amendment (Self-Incrimination)
14th Amendment (Due Process)

Question 12

What is Jurisdiction?

Answer 12

The authority of a court to hear a particular case

Question 13

What is the legal definition of “Person?”

Answer 13

Any entity with legal rights including:
Individuals (natural persons)
Corporations (legal person)

Question 14

What is “Preemption?”

Answer 14

A superior government’s ability to have its laws supersede those of an inferior government

Question 15

What is a “Private Right of Action?”

Answer 15

The ability of an individual harmed by a violation of a law to file a lawsuit against the violator

Question 16

What are the roles and responsibilities of the Federal Trade Commission (FTC)?

Answer 16

General Authority to enforce rules against unfair and deceptive trade practices (including the power to bring deception enforcement actions where an organization has broken a privacy promise)
Statutory Responsibility for issues such as children’s online privacy and commercial email marketing.
Instrumental in developing U.S. privacy standards.

Question 17

What are the roles and responsibilities of the Federal Communications Commission (FCC)?

Answer 17

Places significant compliance regulations on and governs the communications industry, such as television, radio, and telemarketing, and more recently, with online marketing developing such laws as the Telemarketing Sales Rule and Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act).

Along with the FTC, the FCC also enforces privacy laws.

Question 18

What are the roles and responsibilities of the Department of Commerce (DoC)?

Answer 18

Leading role in federal privacy policy development
Administers the Privacy Shield Framework between the United States and the EU.
The DOC works along with the FTC on the enforcement of privacy and security standards set by organizations, particularly with those having privacy self-regulatory programs.

Question 19

What are the roles and responsibilities of the Department of Health & Human Services (HHS)?

Answer 19

Creates regulations to protect the privacy and security of healthcare information.
Responsible for enforcing HIPAA laws.
The HHS shares rule-making and enforcement power with the FTC for data breaches related to medical records under the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Question 20

What are the roles and responsibilities of the two agencies responsible for regulating the Banking Industry?

Answer 20

Federal Reserve Board
Responsible for enforcing provisions of specific federal financial regulatory mandates, such as the Gramm-Leach-Biley Act (or GLBA).
Consumer Financial Protection Bureau An independent bureau under the Federal Reserve, has rule-making authority for laws related to financial privacy and oversees the relationship between consumers and financial product and service providers

Office of the Comptroller of the Currency (OCC)
Independent bureau of the U.S. Department of Treasury.
Regulates and supervises all national and federal banks and savings institutions, including agencies of foreign banks.
Ensures fair access to financial services and compliance with financial privacy laws and regulations.

Question 21

What are the roles and responsibilities of the State Attorney Generals?

Answer 21

Chief legal advisor to the state government
State’s chief law enforcement officer. They may take enforcement action on a state’s unfair and deceptive practice law, HIPAA, GLBA, the Telemarketing Sales Rule and violations of breach notification laws

Question 22

What are Self- Regulatory Programs?

Answer 22

Organizations monitor privacy through internal privacy practices, frameworks/guidelines, policies and procedures created and monitored by industry groups.
Government agencies, such as the FTC, may be involved in enforcement and adjudication

Question 23

What are Trust Marks?

Answer 23

Images or logos of third party seal and certification programs that are displayed on websites to indicate that a business is a member of a professional organization or to show that it has adopted the guidelines of a program and passed a security and privacy test.
Designed to give customers confidence that they can safely engage in e-commerce transactions.

Examples include TrustArc, Norton, the Better Business Bureau, and EU-U.S. Privacy Shield

Question 24

What is Criminal Liability?

Answer 24

Court proceedings for criminal prosecution
Initiated by: Government
Burden of Proof: Beyond a Reasonable Doubt
Remedy: Fines, restitution, incarceration or death
Sources of Law: Constitutions, laws and regulations

Question 25

What is Civil Liability?

Answer 25

Disputes between individuals or organizations
Plaintiff (Private Party or Government) sues a Defendant to address a wrong
Burden of Proof: Preponderance of evidence
Remedy: Monetary Compensation or Injunctions

Question 26

What is Administrative Enforcement?

Answer 26

Adjudication by an agency
Initiated by Agency (e.g., FTC) 
Burden of Proof: Burden of Persuasion
Remedy: Actions and Fines
Sources of Law: Statutes that create agency governance

Question 27

What is a Consent Decree?

Answer 27

An Agreement between the Government Agency and offending party requiring the offending party to do a specific actions and/or pay a fine.

Question 28

Privacy Enforcement

What are the sources of law for legal liability in civil litigation?

Answer 28

Tort
Contract
Common law

Question 29

What is a Tort?

Answer 29

A tort is a civil wrong recognized by law as having the grounds for lawsuits.
The primary goal for the lawsuit is to provide relief for damages incurred and deter others from committing the same wrongs.

Question 30

What are the three general categories of a Tort and a description of each?

Answer 30

Intentional
Defendant knew or should have known that their action or inaction would cause harm

Negligent
Absence of failure to exercise proper or ordinary care. Defendant’s actions are unreasonably careless or unsafe.

Strict Liability
Defendant has legal responsibility for damages or injury even if they are not negligent or at fault (e.g. product liability)

Question 31

What are other categories of legal liability (stemming from obligations under the law) and their descriptions other than a tort?

Answer 31

Breach of Warranty
Failure of a seller to fulfill the terms of a promise, claim or representation

Misrepresentation
False statements about a particular product or service

Defamation
Untruth about another that will harm the reputation of the person or organization defamed by libel (written defamation) or slander (oral defamation)

Statutory Actions

Question 32

What federal agencies (other than those previously discussed) are responsible for enforcing or providing guidance on privacy laws and regulations?

Answer 32

Department of Homeland Security::
E-Verify Program
Rules for air traveler records (TSA)
Immigration and other border issues (Immigration and Customs Enforcement)
State Department::
Negotiates internationally with other countries on privacy issues and in multinational groups
Office for Civil Rights (HHS)::
Role in enforcing HIPAA rules
Department of Transportation::
Transportation Companies
Drones (FAA)
Internet-connected cars (National Highway Traffic Safety Administration)
Internal Revenue Service::
Privacy rules concerning tax records
Office of Management and Budget::
Interpretation of the Privacy Act of 1974
Guidance to federal agencies and their contractors

Question 33

How do states enforce privacy laws and regulations?

Answer 33

State Attorney Generals
enforce laws/statutes and
unfair and deceptive practices (e.g., inadequate data protection and security capabilities)

Question 34

What supports cross-border enforcement?

Answer 34

Cooperation between enforcement agencies, organizations and governments in more than one country/jurisdiction

OECD (Organization for Economic Cooperation and Development) - in 2007, adopted recommendations on cross-border cooperation in enforcement of laws protecting privacy

GPEN (Global Privacy Enforcement Network) – created in response to OECD recommendations. Aims to promote cross-border information sharing as well as investigation and enforcement cooperation among privacy authorities around the world.

APEC (Asia Pacific Economic Cooperation) CPEA (Cross Border Privacy Enforcement Arrangement) – share information and evidence in cross-border investigations and enforcement actions in the Asia-Pacific region.