- ADA: Americans with Disabilities Act
  - http://www.ada.gov
  - bars discrimination based on permanent medical conditions
- ADEA: Age Discrimination in Employment Act
  - http://www.eeoc.gov/laws/statutes/adea.cfm
  - bars discrimination against individuals over 40
- APA: Administrative Procedure Act
  - empowers a government agency to adjudicate internally before an administrative law judge
- BA: Bankruptcy Act
  - bars discrimination against persons who have filed for bankruptcy
- BSA: Bank Secrecy Act
  - aka: Currency and Foreign Transactions Reporting Act
  - money laundering
  - record retention requirements
  - suspicious activity reports
- CALEA: Communications Assistance for Law Enforcement Act
  - aka: Digital Telephony Bill
  - yes, it really *is* what it sounds like
- CAN-SPAM: Controlling the Assault of Non-Solicited Pornography and Marketing Act
  - requires the sender to provide a simple unsubscribe mechanism
  - bars deceptive subject lines and misleading headers
- COBRA: Consolidated Omnibus Budget Reconciliation Act
  - continued health coverage after leaving employment
- COPPA: Children's Online Privacy Protection Act
  - http://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule
  - requires parental consent for the collection of personal data about kids under 13
- CRA: Civil Rights Act
  - major anti-discrimination act; guarantees equal protection to all citizens regardless of race, color, sex, religion or origin
- Dodd-Frank Act: Wall Street Reform and Consumer Protection Act
  - created the Consumer Financial Protection Bureau (CFPB)
  - redefines "unfair and deceptive practices"
  - enforcement powers over "abusive acts and practices"
- EEOC: Equal Employment Opportunity Commission
  - enforcement agency against workplace discrimination
- ECPA: Electronic Communications Privacy Act
  - bars interception of electronic communications
  - many nuanced and complex exceptions, e.g. when one party gives consent
- ERISA: Employee Retirement Income Security Act
  - ensures employee benefit programs are created fairly, requiring disclosure to beneficiaries
- FACTA: Fair and Accurate Credit Transactions Act
  - amendment to FCRA
  - focuses on identity theft
  - Disposal Rule: safely dispose of consumer reports to prevent fraud
  - Red Flags Rule: detect, prevent and mitigate identity theft
- FCRA: Fair Credit Reporting Act
  - requires accurate and relevant data collection
  - provides access and correction rights
  - limits use to permissible purposes (as defined in section 604)
- FDCPA: Fair Debt Collection Practices Act
  - protection against unfair, deceptive or abusive collection practices
- FERPA: Family Educational Rights and Privacy Act
  - aka: Buckley Amendment
  - places consent and disclosure requirements on educational institutions (or third parties related to them) storing education records
- FISA: Foreign Intelligence Surveillance Act
  - allows wiretaps for national security investigations
  - amended by the USA PATRIOT Act
- FLSA: Fair Labor Standards Act
  - aka: Wages and Hours Bill
  - established the 40-hour work week
- FSRRA: Financial Services Regulatory Relief Act
  - provides a short privacy notice model for easier comparison of privacy practices across financial institutions
- GINA: Genetic Information Nondiscrimination Act
  - prohibits the use of genetic information in employment or health insurance eligibility decisions
- GLBA: Gramm-Leach-Bliley Act
  - Privacy Rule: sets the standard for privacy notices (annual notice covering 9 categories, with opt-outs)
  - Safeguards Rule: requires a comprehensive information security program
- HIPAA: Health Insurance Portability and Accountability Act
  - PHI: Protected Health Information = any individually identifiable health information
  - Privacy Rule:
    - privacy notices provided at or before the date of first service
    - authorizations for uses and disclosures: PHI may be used for essential healthcare purposes; anything else requires the patient's explicit opt-in
    - minimum necessary: limit use or disclosure of PHI to the minimum needed
    - patients are given access to their PHI and to records of its disclosure; reasonable charges may apply
    - safeguards: administrative, physical and technical
    - accountability: a designated person is responsible for compliance
    - exceptions not requiring patient consent: de-identified data, research, law enforcement access, ...
  - Security Rule:
    - sets minimum security requirements for PHI
    - "reasonable" security measures
    - policies and procedures to prevent, detect, contain and remedy security issues
    - requires:
      - ensuring the confidentiality, integrity and availability of PHI
      - protecting against reasonably foreseeable threats
      - ensuring compliance
    - training program, security awareness
    - ongoing risk assessment
- HITECH: Health Information Technology for Economic and Clinical Health Act
  - strengthens HIPAA
  - Notice of Breach:
    - notify HHS of a breach affecting 500 or more people
    - notify the media of a breach affecting 500 or more people in the same jurisdiction
  - "limited data set" defined relative to the purpose of use
- ICRAA: California Investigative Consumer Reporting Agencies Act
  - requires disclosing the credit report request and obtaining prior consent
- JFPA: Junk Fax Prevention Act
  - restricts commercial faxes to recipients with an existing business relationship (EBR)
- Magnuson-Moss Warranty Act
  - protects consumers from deceptive warranty practices
  - gives the FTC enforcement power against deceptive warranty practices
- No Child Left Behind Act
  - restricts the use of student surveys for commercial purposes
- NLRA: National Labor Relations Act
  - sets standards for collective bargaining
- OSHA: Occupational Safety and Health Act
  - compliance with OSHA might prompt employers to monitor employees in the workplace, which raises privacy questions: no audio recording; CCTV is OK without sound, but only in non-private areas (no restrooms or locker rooms)
- OPPA: Online Privacy Protection Act
  - requires publishing a privacy notice and enforcing the stated privacy policy
- Patriot Act
  - covers many topics with regard to privacy
  - money laundering (International Money Laundering Abatement and Anti-Terrorist Financing Act)
  - computer trespasser exception (aka: hacker exception) allows interception of electronic communications (with caveats)
  - National Security Letters (NSL) can be issued by officials
  - pen register and trap-and-trace order definitions are expanded beyond just telephony
  - Section 215 "tangible records": a federal court order can require the production of any "tangible record" for foreign intelligence and terrorism investigations
- PDA: Pregnancy Discrimination Act
  - protects against discrimination for pregnancy, childbirth or related medical conditions
- PPA: Privacy Protection Act
  - provides extra protection for journalists, newsrooms or any person engaged in First Amendment activities
- PPRA: Protection of Pupil Rights Amendment
  - aka: Hatch Amendment
  - protects pupils and parents in federally funded programs
- RFPA: Right to Financial Privacy Act
  - financial institutions cannot disclose financial records to federal agencies unless "reasonably described" and accompanied by:
    - explicit consent
    - an administrative subpoena, summons, search warrant, judicial subpoena, ...
- Securities Exchange Act of 1934
- SCA: Stored Communications Act
  - part of ECPA
  - bars unauthorized acquisition, alteration or blocking of electronic communications while in storage
- TCPA: Telephone Consumer Protection Act
  - amended by JFPA
  - prohibits unsolicited commercial faxes
- TCFAPA: Telemarketing and Consumer Fraud and Abuse Prevention Act
  - one of the FTC statutes
  - implemented through the TSR (Telemarketing Sales Rule), whose best-known requirement is the Do Not Call registry
- VPPA: Video Privacy Protection Act
  - requires video rental companies to provide an opt-out from sharing video rental data
- WPA: Whistleblower Protection Act
  - protects federal workers against personnel actions related to their whistleblowing activity
January 29, 2014
US Privacy Lexicon
If, like me, you need a compass to wade through legal references in a privacy context, here is a quick lexicon of all the US acts I have stumbled upon. Over time I will update this article with more links and data while trying to keep it small and manageable. Tough goal. This is not meant to be comprehensive, but rather a map from legal lingo to layman's terms as it relates to privacy.