- Data Mining case heads to Supreme Court; see also "Supreme Court Weighs Whether to Limit Data Mining". The ruling will have a tremendous impact on data mining for marketers who sell personal information (still pending, May 2011).
- Commercial Privacy Bill of Rights Act of 2011 — Senators John Kerry and John McCain have introduced legislation to balance individual privacy rights while allowing businesses to collect marketing information.
Find out what is legal and what’s not:
- DOJ Computer Crime and Intellectual Property Section:
- FindLaw – search for rules made by federal agencies and executive departments: http://www.findlaw.com/casecode/cfr.html
Law Blogs — focusing on Technology issues:
- The Falcon’s View
- The Information Law Group
- Legal-Beagle: (Benjamin Wright) http://legal-beagle.typepad.com/
- Ernie the Attorney: (Ernest Svenson) http://www.ernietheattorney.net/
- Gulf Coast Legal Technology Center: (Tom O’Connor)
Federal Laws about Intellectual Property, Personal Data and Computers:
- What is Computer Law?
- Children’s Online Privacy Protection Act (COPPA): prohibits collecting and disclosing personal information from hundreds of thousands of children under age 13 without their parents’ prior consent.
- Communications Assistance for Law Enforcement Act (CALEA) 1994 — allows government to intercept wire and electronic communication under certain circumstances, to protect national security. Exempts most university campuses.
- Computer Fraud and Abuse Act 1986 (CFAA) defines protected computers, trafficking in passwords to access a computer without authorization, knowingly causing damage by digital means, accessing a government computer without authorization.
- Computer Security Act (1987) makes NIST responsible for civilian government computers (non-DOD and not Intelligence agencies). Parts were replaced by FISMA.
- Cyber Security Enhancement Act (CSEA) 2002 – gave law enforcement wide powers and increased previously set penalties.
- Digital Millennium Copyright Act (DMCA) (1998) — updated world copyright laws to include new technology; deals with reverse engineering, encryption, permits technology to help parents control what children view on Internet.
- Economic Espionage Act (1996) makes theft of trade secrets a criminal offense
- Electronic Communications Privacy Act (ECPA) (1986) – amendment extending federal wiretap law to newer types of communication. Officials can obtain cloud email without a warrant if it is older than 180 days, although a warrant is needed if the email is stored on a hard drive. May 2011: amendment proposed.
- Federal Information Security Management Act (FISMA) requires federal agencies to develop an information security program, conduct annual reviews and report to OMB. It assigns NIST and OMB specific responsibilities to protect information systems.
- FTC Health Breach Notification Rule: Covered health care providers are required to notify patients/customers if there is exposure of medical records.
- FTC Medical Identity Theft: using someone else’s name or insurance information to get medical treatment.
- Gramm-Leach-Bliley Act (GLBA): requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
- Health Insurance Portability and Accountability Act (HIPAA)
The HHS Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.
- HHS HITECH Breach Notification Rule: HHS issued regulations requiring health care providers, health plans, and other entities covered by this rule, to notify individuals when their health information is breached.
- National Information Infrastructure Protection Act (NIIPA) (1996) expanded CFAA making it illegal to even view computer information without authorization; expanded protection of federal computer systems to apply also to pipelines, utilities, communication and other infrastructure.
- Privacy Act (1974) defines use of personal information by government agencies.
- USA Patriot Act of 2001 – a complex law, parts of which enabled telecommunication companies to voluntarily hand over previously private information. Allows government to work with telcos to monitor hacking activity.