Cover
Prefatory Material
Title Page
Copyright
Table of Contents
Dedication
About the Author
Publisher’s Editorial Staff
Introduction
How to Use This Treatise
PART I. U.S. Federal Privacy and Data Protection Law
CHAPTER 1 — FOURTH AND FIFTH AMENDMENT PRIVACY LAW
§ 1.01. Overview
§ 1.02. Key Practice Insights
§ 1.03. Cases
[1] An Early Standard
[2] Less than Probable Cause
[3] Government Informants
[4] Expectation of Privacy
[5] Limitations on Searches and Seizures
[6] The Fourth Amendment and the Home
[7] Information Voluntarily Disclosed
[8] Application to Emerging Technologies
[a] Overview.
[b] Cell Phones
[i] Cell Phone Content.
[ii] Cell Phone Searches Incident to Arrest.
[iii] Cell Phone Tower Location Data.
[iv] Cell Phone Location Data.
[c] Global Positioning System (GPS) Technology.
[i] Overview.
[ii] United States v. Jones.
[iii] Cases Finding Violation.
[iv] Cases Finding No Violation.
[d] Bulletin Board Systems (BBS).
[e] Mirror Ports.
[f] Warrantless Border Searches.
[g] Scanners.
[h] Laptops.
[i] Digital Cameras.
[j] DNA.
[k] Peer-to-Peer File Sharing (“P-P FS”).
[l] Drones
[i] Constitutional Basis.
[ii] Legislative and Regulatory Activity.
[m] Use of Data Acquired, but Beyond a Warrant’s Scope.
[n] E-Mail.
[o] How Much of a Computer May Be Searched?
[p] Geographical Scope of Warrant.
[9] Consent
[10] The Private Search Rule
[11] Application of Fourth Amendment to Foreigners
§ 1.04. The Fifth Amendment
CHAPTER 2 — ELECTRONIC COMMUNICATIONS PRIVACY ACT
§ 2.01. Federal Regulation of Surveillance
[1] Overview
[2] Key Practice Insights.
§ 2.02. The Wiretap Act of 1986
[1] Overview.
[2] The General Prohibition.
[3] Exceptions.
[4] Obligations on Providers of Electronic Communications.
[5] Manufacture, Distribution, Possession and Advertising of Devices.
[6] Exclusion of Evidence.
[7] Authorization for Interception.
[8] Authorization for Disclosure and Use of Intercepted Communications.
[9] Procedure for Interception.
[10] Reports Concerning Interceptions.
[11] Private Right of Action.
[12] Injunction and Enforcement of CALEA.
[13] Pre-emption of State Law.
[14] CLOUD Act Amendment to Wiretap Act
§ 2.03. The Stored Communications Act
[1] Overview
[2] Unlawful Access
[3] Voluntary Disclosure.
[4] Required Disclosures.
[5] Preservation of Backup.
[6] Delayed Notice.
[7] Reimbursement of Costs.
[8] Private Right of Action.
[9] Access for Counterintelligence.
[10] Civil Action against United States.
[11] Constitutionality.
[12] Potential Conflict with FISA.
[13] Extraterritorial Application of the SCA.
§ 2.04. The Pen Register Act
[1] Overview.
[2] The General Prohibition.
[3] Application for an Order.
[4] Issuance of the Order.
[5] Installation Assistance.
[6] Emergency Installation and Use.
[7] Reports.
CHAPTER 3 — U.S. NATIONAL SECURITY SURVEILLANCE
§ 3.01. Overview
§ 3.02. Key Practice Insights
§ 3.03. Constitutionality
§ 3.04. The Foreign Intelligence Surveillance Act (“FISA”)
[1] Introduction.
[2] Subchapter I on Electronic Surveillance
[a] Authorization.
[b] The Foreign Intelligence Surveillance Court.
[c] Applications for a Court Order.
[d] Issuance of the Order.
[e] Use of FISA Information.
[f] Reports.
[g] Sanctions.
[h] Wartime Authorization.
[i] USA FREEDOM Act.
[3] Subchapter II on Physical Searches
[a] Authorization.
[b] Applications for Orders, Orders, and Use of Information.
[c] Oversight, Sanctions, and Wartime Authorization.
[4] Subchapter III on Pen Registers for Foreign Intelligence
[a] Applications and Orders.
[b] Emergency and Wartime Authorizations.
[c] Use of Information and Oversight.
[d] USA FREEDOM Act.
[5] Subchapter IV on Access to Business Records for Foreign Intelligence
[a] Application and Order.
[b] Does § 1861 Conflict with the Stored Communications Act?
[c] Other Matters.
[d] USA FREEDOM Act.
[6] Other Subchapters
§ 3.05. NSA Mass Acquisition of Telephony Metadata
[1] Overview
[2] The Disclosures
[3] Does This Violate the Law?
[a] The Fourth Amendment
[i] U.S. Supreme Court.
[ii] Foreign Intelligence Surveillance Court.
[iii] Other Courts.
[b] Is this Conduct within 50 U.S.C. § 1861?
[i] Overview of the Statute.
[ii] Application and Order.
[iii] Non-Disclosure.
[iv] Minimization.
[v] Other § 1861 Requirements.
[vi] Bulk Collection.
[vii] Potential Conflict with the Stored Communications Act.
[viii] Sovereign Immunity.
[ix] Some Other Legal Issues.
[x] NSA Non-Compliance.
[4] Should the Law Permit Such a Demand?
[a] Security vs. Privacy.
[b] Does the Government Need Bulk Collection?
[c] Hey, It’s Only Metadata.
[d] The Balancing.
[e] Judicial Deference to Claims Based on National Security Interests.
[5] A Possible Resolution
[a] Overview.
[b] Some Potential Modifications.
[c] The Privacy and Civil Liberties Oversight Board.
[d] Recommendations of the President’s Review Group, and the President’s Response.
[e] A Possible Model?
[6] Fallout.
[a] In Congress.
[b] In the Private Sector.
[c] In the European Union
[i] Ad Hoc EU-US Working Group.
[ii] Report of The European Parliament.
[d] The Positions of the Parties.
[7] Conclusion
[8] Post-Revelation Reports of Surveillance and Surveillance Sharing by Foreign Governments
§ 3.06. Presidential Policy Directive 28
§ 3.07. Other National Security Matters
CHAPTER 4 — FEDERAL LAWS REGARDING GOVERNMENT RECORDS
§ 4.01. Overview
§ 4.02. The Privacy Act of 1974
[1] Introduction
[2] Key Practice Insights
[3] Conditions of Disclosure; Access
[4] Reports
[5] Remedies
[6] Matching Agreements
[7] Whose Records are Protected?
[8] Miscellaneous
§ 4.03. The Freedom of Information Act (“FOIA”) of 1966
[1] Overview
[2] Key Practical Insights
[3] Master Checklist
[4] Substance of the FOIA
[a] Agency Obligations Under the FOIA
[b] FOIA Exceptions
[c] FOIA Guides and Reports
§ 4.04. The Critical Infrastructure Information Act of 2002
[1] Overview
[2] Substance of the Act
§ 4.05. Internal Revenue Service Confidentiality Restrictions
[1] Overview
[2] Substance of 26 U.S.C. § 6103 and Related Statutes
[a] Restrictions on Disclosure
[b] Procedures
[c] Prohibition Regarding Software
[d] Criminal Sanctions
[e] Civil Actions
§ 4.06. The Driver’s Privacy Protection Act of 1994
[1] Overview.
[2] Substance of the Statute
[a] Basic Prohibitions.
[b] Resale or Redisclosure of Information.
[c] Sanctions.
[d] Litigation.
CHAPTER 5 — FAIR CREDIT REPORTING ACT
§ 5.01. Overview
§ 5.02. Credit Reporting Agencies and Consumer Reports
[1] Introduction
[2] Permissible Uses of Consumer Reports
[3] Content of Consumer Reports
[4] Public Record Information for Employment Purposes
[5] Investigative Consumer Reports
[6] Obligations of Consumer Report Users
[7] Responsibilities of Furnishers of Information to CRAs
[8] Disclosures to Consumers
[9] Compliance Procedures
[10] Disputes
[11] Security Freezes
§ 5.03. Identity Theft
[1] Introduction
[2] Early Attempts to Deal with Identity Theft
[3] “Red Flag” and Other Identity Theft Regulations
[a] Background
[b] The Fair and Accurate Credit Transactions Act (“FACTA”)
[c] Regulations
[i] Red Flags
[ii] Red Flag Guidelines
[iii] Changes of Address
[iv] Address Discrepancies
[v] Penalties
[vi] Conclusion re Guidelines
[d] Identity Theft and Assumption Deterrence Act.
[4] Identity Theft Task Force and The FTC Report
[a] Establishment
[b] “Strategic Plan”
[c] 2008 Federal Trade Commission Report
[5] Government Accountability Office Report
[6] Other Provisions Dealing with Identity Theft
§ 5.04. Disposal of Records and Charges
[1] Disposal of Records
[2] Charges
§ 5.05. Sharing Among Affiliates
§ 5.06. Enforcement
[1] Private Civil and Criminal Liability for FCRA Violations
[a] Introduction.
[b] Exemplary Suits.
[c] Class Action Aspects.
[d] Use of Experts in FCRA Litigation.
[e] The Injury Necessary for Standing.
[2] Administrative Enforcement of the FCRA
§ 5.07. Other Provisions
[1] Disclosures to Government Agencies for Counterintelligence or Terrorism
[2] Corporate and Technological Circumvention Prohibited
[3] Preemption of State Laws
CHAPTER 6 — GRAMM-LEACH-BLILEY FINANCIAL INSTITUTION PRIVACY REQUIREMENTS
§ 6.01. Overview
§ 6.02. Key Practice Insights
[1] Ascertain Scope of Conduct Covered
[2] Understand Notice and Opt-out Requirements
[3] Promote Compliance with Safeguard Rules
§ 6.03. GLB Act Restrictions on Disclosure of Nonpublic Information
[1] Master Checklist
[2] Restrictions on Disclosure; Exceptions
[3] Required Notices
[a] Privacy Notice.
[b] Notice of Opportunity to Opt-out.
[c] Form of Notice.
[4] Other GLB Requirements.
[5] Federal Trade Commission Privacy Regulations
[a] FTC GLBA Privacy Rulemaking Jurisdiction.
[b] Information Governed.
[c] “Financial Institution” Defined.
[d] Consumer and Customer.
[e] Non-Affiliated Parties.
[f] Notice and Opt-out.
[g] Account Numbers.
[h] Application vel non to Lawyers.
[i] Litigation.
[6] Federal Bank Regulatory Agency Regulations
[a] Overview.
[b] Notice.
[c] Restrictions on Disclosure.
[d] Account Numbers.
[e] Service Providers.
[f] Pre-emption.
[7] Securities and Exchange Commission Rules
[8] Bureau of Consumer Financial Protection Rules
§ 6.04. The Safeguards Rules
[1] Master Checklist
[2] Agency Rules
[a] Framework of the Rules.
[b] Objectives.
[c] Elements.
[d] Other Agency Safeguard Rules.
§ 6.05. GLB Act Prohibitions against Fraudulent Access to Financial Information
§ 6.06. GLB Act Preemption of State Law
[1] Policy Arguments Supporting Preemption
[2] State and Local Laws Regulating Financial Information
[3] Federal Statutory Preemption Provisions
[a] GLB Act Title V, Subtitle A.
[b] GLB Act Title V, Subtitle B.
[4] Gramm-Leach-Bliley Act Preemption Litigation
CHAPTER 7 — HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT PRIVACY REQUIREMENTS
§ 7.01. Overview
§ 7.02. Key Practice Insights
§ 7.03. The Perceived Need for a Healthcare-Related Privacy Rule
§ 7.04. The Structure of HIPAA Privacy and Security Requirements
§ 7.05. The Privacy Rule Segment of the HIPAA Omnibus Rule
[1] Overview.
[2] Entities Covered.
[3] Business Associates.
[4] Information Protected.
[5] Use and Disclosure of PHI
[6] Minimum Necessary
[7] Whistleblower
[8] Business Associate Contracts
[9] Group Health Plans
[10] Uses and Disclosures for Treatment, Payment or Health Care Operations
[11] Uses and Disclosures Requiring Authorization
[12] Uses and Disclosures Requiring Opportunity to Agree or Object
[13] Uses and Disclosures Not Requiring Opportunity to Agree or Object
[14] Requirements for De-Identification.
[15] Requirements for Minimization.
[16] Other Permitted Uses and Disclosures.
[17] Notice of Privacy Practices.
[18] Right to Request Privacy Protection.
[19] Right of Access to PHI.
[20] Right to Amend PHI.
[21] Right to Accounting of Disclosures.
[22] Administrative Requirements.
§ 7.06. The Security Rule Segment of the HIPAA Omnibus Rule
[1] General Requirements.
[2] Administrative Safeguards (45 C.F.R. 164.308).
[3] Physical Safeguards (45 C.F.R. 164.310).
[4] Technical Safeguards (45 C.F.R. 164.312).
[5] Other Security Requirements (45 C.F.R. 164.314, 164.316).
§ 7.07. The Breach Notification Segment of the HIPAA Omnibus Rule
[1] General Rule.
[2] Notifications.
[3] Other Matters
§ 7.08. Enforcement
[1] Compliance and Investigations
[2] Civil Money Penalties
§ 7.09. HIPAA Private Cause of Action
§ 7.10. Criminal Prosecution
§ 7.11. Preemption
[1] The Rule.
[2] Cases.
CHAPTER 8 — FEDERAL TRADE COMMISSION PRIVACY INITIATIVES
§ 8.01. Overview
§ 8.02. Key Practice Insights
§ 8.03. Early FTC Activities
[1] Prior to 2000.
[2] The May 2000 FTC Report to Congress
[a] Overview.
[b] The FTC 2000 Online Privacy Survey.
[c] The Advisory Committee Findings.
[d] FTC Recommendations.
[3] The FTC’s 2001 Position.
§ 8.04. Some Representative FTC Act Enforcement Actions
[1] Overview.
[2] FTC Act § 5: Violation of a Privacy Policy
[a] FTC Enforcement.
[b] FTC Proceedings.
[c] FTC Elections Not To Proceed.
[3] Failure to Provide Adequate Security as Unfairness.
§ 8.05. The Children’s Online Privacy Protection Act (COPPA)
[1] Overview.
[2] The Statute.
[3] The FTC’s COPPA Rule
[a] Overview.
[b] Definitions.
[c] General Requirements.
[d] Notice.
[e] Parental Consent.
[f] Right of Parental Review.
[g] Prohibition Against Conditioning.
[h] Security.
[i] Enforcement.
[j] Retention and Deletion.
[k] Safe Harbor Programs.
[l] Voluntary FTC Approval Processes.
[m] Severability.
[4] Examples of COPPA Safe Harbor Programs.
[5] Self-Regulation
[a] Self-Regulation Generally.
[b] Seal Programs.
[c] Antitrust Risk.
[6] FTC Commentary.
[7] Survey Results.
[8] Some Representative COPPA Enforcement Proceedings.
§ 8.06. Pretexting
§ 8.07. Telemarketing
[1] In General.
[2] Early State Activity.
[3] Congressional Action.
[4] The FCC Regime
[a] Provisions in General.
[b] National Do-Not-Call List.
[c] Company Do-Not-Call List.
[d] Autodialers and Text Messaging.
[e] Prerecorded Messages.
[f] Caller ID.
[g] Junk Faxes.
[h] Sanctions.
[5] The FTC Regime
[a] The Telemarketing and Consumer Fraud and Abuse Prevention Act.
[b] The FTC Telemarketing Sales Rule.
[i] General Provisions.
[ii] Deceptive Acts.
[iii] Abusive Acts.
[iv] Record-Keeping.
[v] Exemptions.
[vi] Actions by States.
[vii] Fees for Use of Registry.
[c] Challenge to the FTC Registry.
[6] The FCC Regime
[a] The Telephone Consumer Protection Act of 1991.
[b] The FCC Regulations.
[c] Breakdown by Conduct of TCPA Rule Prohibitions and Requirements.
[d] Litigation.
[7] The Do-Not-Call List.
[8] Do-Not-Call List Litigation.
§ 8.08. Behavioral Advertising
§ 8.09. Fair Credit Reporting Act
§ 8.10. Self-Regulation
§ 8.11. The 2012 FTC Report
§ 8.12. Data Brokers
§ 8.13. Internet Service Providers—Who Regulates ISP Privacy?
CHAPTER 9 — CAN-SPAM ACT AND ANCILLARY MATTERS
§ 9.01. Overview
§ 9.02. Key Practice Insights
§ 9.03. The Spam Phenomenon
§ 9.04. Extra-Legal Suggestions
§ 9.05. Federal Anti-Spam Legislation: The CAN-SPAM Act
[1] Overview
[2] History and Perceptions of the CAN-SPAM Act
[3] Content of the CAN-SPAM Act
[a] Civil Violations
[i] Statutory Provisions
[ii] Aggravated Civil Violations
[b] Criminal Violations
[c] Enforcement
[d] Preemption
[e] Agency Reports and Authorizations
§ 9.06. FTC Regulations Pursuant to the CAN-SPAM Act
[1] General Provisions
[2] Statutory Requirements
[3] “Primary Purpose” Rule
[4] Rule Modifying 10-Business-Day Period
[5] Rule on Identifying Sexually Oriented Material
[6] General Rule.
§ 9.07. FTC Reports Pursuant to the CAN-SPAM Act
[1] In General.
[2] The Statutory Requirement.
[3] Report on the Proposed Do-Not-E-mail Registry
[a] Background.
[b] Headers.
[c] Hiding Origin.
[d] ISP Attempts to Combat Spam.
[e] Suggested Models for Registries.
[f] FTC Conclusion.
[g] FTC Proposal.
[4] Reward System Report.
[5] CAN-SPAM Effectiveness Report.
[6] Report on Identifiability Requirement.
[7] FTC Review of CAN-SPAM Rule.
§ 9.08. FCC Obligations Under the CAN-SPAM Act
[1] The CAN-SPAM Act Provision.
[2] The FCC Rule.
§ 9.09. SEC Anti-Spam Initiative
§ 9.10. State Anti-Spam Legislation
§ 9.11. Spam Litigation
[1] CAN-SPAM Act Litigation
[2] State Causes
§ 9.12. Foreign and International Anti-Spam Initiatives
[1] FTC Anti-Spam Activities
[2] Other International Anti-Spam Activities
[3] Foreign Anti-Spam Activity
[a] The European Union and Member States.
[b] Other Nations
APPENDIX 9 — CHAPTER APPENDIX
§ 9App.01. Summary of the CAN-SPAM Act
Summary of the CAN-SPAM Act of 2003
Section 1: Short title.
Section 2: Findings & Policy.
Section 3: Definitions.
Section 4: Prohibition Against Predatory and Abusive Commercial E-Mail.
Section 5: Other Protections for Users of Commercial Electronic Mail.
Section 6: Businesses Knowingly Promoted by Electronic Mail With False or Misleading Transmission Information.
Section 7: Enforcement Generally.
Section 8: Effect on Other Laws.
Section 9: Do-Not-E-Mail Registry.
Section 10: Study of the Effects of Commercial Electronic Mail.
Section 11: Improving Enforcement by Providing Rewards for Information About Violations; Labeling.
Section 12: Restrictions on Other Transmissions.
Section 13: Regulations.
Section 16: Effective Date.
CHAPTER 10 — WORKPLACE AND OTHER FEDERAL PRIVACY LAWS
§ 10.01. Overview
§ 10.02. Key Practice Insights
§ 10.03. Workplace Search and Seizure
[1] Employer Justifications for Search and Seizure
[2] United States Supreme Court Cases
[a] O’Connor v. Ortega.
[b] Ontario v. Quon.
[3] Pertinent General Concepts
[a] The Importance of Having a Policy.
[b] Practical Policy Suggestions.
[c] Consent to Search.
[d] Limited Expectation of Privacy.
[e] Standard for Invalidating Warrant for False Statement.
[f] Employer Conduct Outside the Workplace.
[4] Workplace Search and Seizure in the Private Sector
[5] Workplace Search and Seizure in the Public Sector
[a] Overview.
[b] Application Beyond Criminal Investigations.
[c] Expectation of Privacy.
[d] Reasonableness.
[e] How “Open” Is Open?
[f] Private Employer as Agent of Government.
[g] Employer Purposes in Searching.
[h] Employer Conduct Outside the Workplace.
[i] Erosion of Expectation of Privacy.
[j] Employer’s Duty to Take Action.
[k] Attorney-Client Privilege.
[l] The Work Product Immunity.
§ 10.04. Workplace Electronic Monitoring: Federal Statutes
[1] Prevalence of Electronic Workplace Monitoring.
[2] The Wiretap Act.
[3] The Stored Communications Act.
§ 10.05. Workplace Aspects of the Fair Credit Reporting Act
§ 10.06. The Employee Polygraph Protection Act of 1988
§ 10.07. Workplace Privacy Aspects of the Americans with Disabilities Act
§ 10.08. Privacy Aspects of the Family Medical Leave Act
§ 10.09. The Video Privacy Protection Act of 1988
[1] The Statute.
[2] Who is Liable Under the Statute?
[3] What Information Is Covered?
[4] The “Ordinary Course of Business” Exception.
[5] The “Consent” Exception.
[6] Who is a “Consumer”?
[7] Preemption
[8] Injury
[9] Who “Knowingly” Discloses
[10] Standing Under the VPPA
§ 10.10. Driver’s Privacy Act of 2015
CHAPTER 11 — STANDING IN PRIVACY LITIGATION
§ 11.01. Overview
§ 11.02. U.S. Supreme Court Cases on Standing
[1] Constitutional Requirements.
[2] Prudential Standing: the “Zone of Interest” Test.
§ 11.03. Federal Standing in Privacy Cases
[1] Cases Finding Standing
[2] Cases Finding a Lack of Standing.
[3] Informational Standing.
§ 11.04. State Law Standing in Privacy Cases
CHAPTER 12 — SELECTED FEDERAL LAWS AND ADMINISTRATION POSITIONS
§ 12.01. Overview
§ 12.02. Proposal for Consumer Privacy Bill of Rights
§ 12.03. Building on the Strength of the U.S. Consumer Privacy Network
§ 12.04. Defining a Consumer Privacy Bill of Rights
[1] Fair Information Practice Principles (FIPPs).
[2] Individual Control.
[3] Transparency.
[4] Respect for Context.
[5] Security.
[6] Access and Accuracy.
[7] Focused Collection.
[8] Accountability.
§ 12.05. Implementing the Consumer Privacy Bill of Rights: Multistakeholder Process to Develop Enforceable Codes of Conduct
§ 12.06. Building on the FTC’s Enforcement Expertise
[1] Protecting Consumers Through Strong Enforcement.
[2] Providing Incentives to Develop Enforceable Codes of Conduct.
§ 12.07. Promoting International Interoperability
§ 12.08. Enacting Consumer Data Privacy Legislation
[1] Codify the Consumer Privacy Bill of Rights.
[2] Grant the FTC Direct Enforcement Authority.
[3] Provide Legal Certainty Through an Enforcement Safe Harbor.
[4] Balance Federal and State Roles in Consumer Data Privacy Protection.
[5] Preserve Effective Protections in Existing Federal Data Privacy Laws.
[6] Set a National Standard for Security Breach Notification.
§ 12.09. Federal Government Leadership in Improving Individual Privacy Protections
§ 12.10. The Podesta Report
§ 12.11. The Report of the President’s Council
§ 12.12. The Cybersecurity Act of 2015
§ 12.13. Administration Attempt to Obtain Public Voter Roll Information
[1] The Facts
[2] The EPIC Suit
[3] Aggregations of Publicly Available Personal Information
§ 12.14. Parameters of, and Examples of Federal Comprehensive Data Protection Bills (2019)
[1] The Present Status.
[2] Key Contested Elements in a Comprehensive Federal Data Protection Law.
APPENDIX 12 — CHAPTER APPENDIX
§ 12App.01. The Consumer Privacy Bill of Rights
§ 12App.02. Comparison of the Consumer Privacy Bill of Rights to Other Statements of the Fair Information Practice Principles (FIPPs)
Chapters 13–20 [Reserved]
PART II. U.S. State Privacy and Data Protection Law
CHAPTER 21 — PRIVACY TORTS
§ 21.01. Introduction
§ 21.02. Intrusion on Seclusion
[1] The Restatement
[2] History of the Tort
[3] Private Matters
[4] Intrusion
[5] “Physically or Otherwise” Intrusive
[6] Highly Offensive
[7] First Amendment Defense
[8] The California Anti-Paparazzi Statute
§ 21.03. Publicity of Private Facts
[1] The Restatement
[2] Should The Tort Be Recognized?
[3] What Is “Publicity”?
[4] What Is “Private”?
[5] What Is “Of Legitimate Concern to The Public”?
[6] Does a Matter of Legitimate Public Concern Always Remain So?
[7] What Is a Matter “Highly Offensive to a Reasonable Person”?
§ 21.04. Invasion of Privacy by Misappropriation
[1] The Restatement
[2] N.Y. Civil Rights L. §§ 50, 51
[3] “Own Use or Benefit”—Commercial Purpose
[4] A Right to Privacy Compared to Right to Publicity
[5] Damages
§ 21.05. False Light
[1] The Restatement
[2] Differences Between False Light and Defamation
[3] False Light
§ 21.06. Constitutional Limitations
[1] Constitutional Standards: Defamation and Invasion of Privacy
[2] The Constitutional Standard in Defamation
[3] The Constitutional Standard in Invasion of Privacy
CHAPTER 22 — U.S. DATA BREACH NOTIFICATION LAWS
§ 22.01. Overview
§ 22.02. Key Practice Insights
§ 22.03. The Surge in Disclosed Data Security Breaches
[1] Overview
[2] Representative Disclosed Data Security Breaches
[a] Breaches Involving Laptops.
[b] Breaches Involving Storage Media in Transit.
[c] Breaches Involving Hacking and Related Conduct.
[d] Breaches Involving Educational Institutions.
[e] International Breaches.
[3] The Rationale for the Burgeoning Disclosures
[a] The Explosion in Disclosed Breaches.
[b] The Reason for the Proliferation of Disclosed Breaches.
[4] Resulting Litigation
§ 22.04. The Response
[1] Statutes and Company Reaction
[2] Statutory Variations
[3] Securities and Exchange Commission
[4] Insurance
[5] Cybersecurity Threat Sharing
[6] Health Information
§ 22.05. Triggers for Applicability
[1] “Access”
[2] “Acquisition”
[3] Likely Misuse of Information, or of Resulting Harm.
[4] The FTC Weighs In.
§ 22.06. Breach Notification for Health Care Data
§ 22.07. Survey of Notification Recipients
[1] The Survey.
[2] The Notifications.
[3] Recipient Impressions.
[4] Injury as a Result of Breach.
§ 22.08. Effect of these Statutes on Company Policies and Practices
[1] Effect of the Breach Notification Statutes.
[2] Conforming to the Notification Environment.
[3] Best Practices: Before a Breach
[4] Best Practices: Incident Response Plan.
[5] Best Practices: After a Breach is Discovered—Content and Tenor of Notification.
[6] Best Practices: After the Breach—Remediation
[7] Why The Breach Notification Statutes “Work”
[8] Conclusion
§ 22.09. International Effect of these Statutes
[1] Overview.
[2] Structure of the Statutes.
[3] U.S. Standards for Asserting Personal Jurisdiction.
[4] Applicability of these Standards to Non-U.S. Companies.
[5] Conclusion.
§ 22.10. The Cost to the Company of a Data Security Breach
§ 22.11. Federal Legislative Initiatives
[1] Reminder on Why Breach Notification Statutes Help Promote Privacy
[2] The Need for Uniformity
[3] Impetus from the Target Breach
[4] Representative Senate Data Breach Bills (2014)
[5] European Union
APPENDIX 22 — CHAPTER APPENDIX
§ 22App.01. Summary of Breach Notification Statutes
§ 22App.02. California Breach Notification Statute
California Civil Code § 1798.82 (Breach Notification by Non-Governmental Entities); see also Civ. Code § 1798.29 (Breach Notification by Governmental Entities)
§ 22App.03. Ponemon Survey of Data Security Breach Notification Statutes
CHAPTER 23 — CALIFORNIA PRIVACY REGIME
§ 23.01. Introduction
[1] Importance of the California Privacy Regime.
[2] Some California Privacy Achievements.
[3] The Privacy Enforcement and Protection Unit.
§ 23.02. Key Practice Insight
§ 23.03. Notification of Privacy Breach
§ 23.04. Posting a Privacy Policy (California Online Privacy Protection Act of 2003)
§ 23.05. Social Security Numbers
§ 23.06. Data Security
§ 23.07. Data Destruction
§ 23.08. Transfer of Data for Direct Marketing (the “Shine the Light Law”)
§ 23.09. Credit Card-Related Conduct (Song-Beverly Act)
§ 23.10. Spyware
§ 23.11. Radio Frequency Identification (“RFID”)
§ 23.12. Consumer Credit Reporting Agencies
§ 23.13. The California Financial Privacy Act
§ 23.14. Use of Consumer Public Record Data
§ 23.15. Healthcare Information
§ 23.16. The California Invasion of Privacy Act
§ 23.17. Warrant Required for Portable Electronic Device Searches
§ 23.18. The Reader Privacy Act
§ 23.19. Pretexting
§ 23.20. Criminal Conviction in Employment Application (“Ban the Box”)
§ 23.21. Privacy Provision of the California Constitution
§ 23.22. Statutes Not Expressly Directed to Privacy
§ 23.23. Limitations on Requiring Social Media Passwords
§ 23.24. Utility Usage Privacy
§ 23.25. Websites Directed to Minors, and Erasure of Minor-Posted Material
§ 23.26. Kill-Switch
§ 23.27. Electronic Communications Privacy Act
§ 23.28. Revenge Porn
§ 23.29. Immigration Worksite Enforcement Actions
§ 23.30. The California Consumer Privacy Act of 2018
§ 23.31. Bot Identification Law
§ 23.32. Internet-of-Things Security
CHAPTER 24 — NEW YORK STATE PRIVACY REGIME
§ 24.01. Overview
§ 24.02. Key Practice Insights
§ 24.03. Pretexting
§ 24.04. Phishing
§ 24.05. Data Security Breach Notification
§ 24.06. Collection, Display, and Use of Social Security Numbers
§ 24.07. Disposal of Records Containing Personal Identifying Information
§ 24.08. Unauthorized Acquisition of a Wireless Telephone Number
§ 24.09. Installation or Maintenance of a Viewing Device; Residential Video Imaging
§ 24.10. Freedom of Information Law
§ 24.11. Conversion of Intangibles
§ 24.12. Breach of Confidentiality
§ 24.13. The Expectation of Privacy under New York Law
[1] People v. Weaver
[a] Introduction
[b] The Facts
[c] The Majority Opinion
[d] The Dissents
[e] Conclusion
§ 24.14. Legislative Initiatives
[1] Behavioral Advertising Privacy Bill
[2] Governor Paterson’s Identity Theft Bill
[3] The 2019 New York Privacy Act Bill.
§ 24.15. Appropriation
§ 24.16. Cyberbullying
§ 24.17. Prize Claims by Pay-Per-Call
§ 24.18. Credit/Debit Card-Related Activities
§ 24.19. New York Cybersecurity Regulations
§ 24.20. New York Consumer Credit Reporting Agency Regulation
CHAPTER 25 — PRIVACY LITIGATION—STATE CAUSES OF ACTION
§ 25.01. Organization of Case Discussions
§ 25.02. Key Practice Insights
§ 25.03. Case Discussions
[1] Violation of State Breach Notification Statute
[2] Violation of State Constitutional Provision
[3] Breach of Contract
[4] Breach of Confidentiality
[5] Violation of State Fair Credit Reporting Act
[6] Breach of Fiduciary Duty
[7] Fraud in the Inducement
[8] Invasion of Privacy
[9] Negligence
[10] Breach of Common Law Duty to Notify
[11] Social Security Number-Related Violations
[12] Strict Liability
[13] Trespass to Chattels or Land
[14] Breach of Warranty
[15] Violation of State Unfair Trade Practices Act
[16] Unjust Enrichment
[17] Telephone and Other Interception
[18] Spyware
[19] Right of Publicity
[20] Misrepresentation
[21] Other Causes of Action
§ 25.04. Class Action Aspects
§ 25.05. Other State Activity
CHAPTER 26 — DATA BROKER LAWS
§ 26.01. Data Broker
§ 26.02. Vermont Statute
Chapters 27–30 [Reserved]
PART III. International Privacy and Data Protection Law
CHAPTER 31 — EUROPEAN UNION DATA PROTECTION LAW
§ 31.01. The Structure of European Union Data Protection Law
[1] Hierarchical Levels
[2] Works Councils
[3] Enforcement
§ 31.02. Key Practice Insights
§ 31.03. Summary of Pertinent EU Directives
[1] The EU Data Protection Directive
[a] Content of the Data Protection Directive.
[b] The Meaning of “Identifiable.”
[c] “Legitimate Interest.”
[2] The EU e-Privacy Directive
[3] The EU Data Retention Directive
[a] The Retention Directive.
[b] European Commission Report on the Data Retention Directive.
[c] Court of Justice of the EU Ruling on the Data Retention Directive.
§ 31.04. The General Data Protection Regulation (“GDPR”)
[1] History
[2] Overview
[3] Summary of the GDPR
[3A] Different Takes on GDPR’s Success
[4] EDPB, EC, and WP29 Interpretations Regarding the GDPR
[a] Data Protection Officers.
[b] Lead DPA.
[c] Right to Data Portability.
[d] Privacy Impact Assessments.
[e] Workplace Privacy.
[f] Data Breach Notification.
[g] Profiling and Automated Decision-Making.
[h] Administrative Fines.
[i] Adequacy.
[j] Binding Corporate Rules.
[k] Consent.
[l] Transparency.
[m] GDPR Territorial Scope.
[n] Certification.
[o] Accreditation of Certification Bodies.
[p] Where the Legal Basis is Performing a Contract to which the Data Subject is Party.
[q] Relationship: GDPR & ePrivacy Directive.
[r] Processing by Political Parties.
§ 31.05. The Data Protection Authorities
[1] Overview
[2] France.
[3] Germany.
[4] Italy
[5] Spain
[6] United Kingdom
§ 31.06. Post-Release Treatment of the Directive
[1] Implementation of the Directive
[a] Solicitation of Input.
[b] First Report—2002.
[c] Second Report—2007.
[2] Dissatisfaction with Implementation of the Directive
[a] European Data Protection Supervisor’s Reaction.
[b] EU Charges Against Member States.
[3] EU Interpretations of the Directive
[a] Activity.
[b] Personal Data.
[i] Definitions.
[ii] Any Information.
[iii] Relating To.
[iv] Identified or Identifiable.
[v] Natural Persons.
[vi] IP Addresses.
[4] Attempt to Bridge Differences with US Law
§ 31.07. EU Data Protection Litigation
[1] Lindqvist
[a] Background.
[b] Processing.
[c] Sensitive Data.
[d] Cross-Border Transfer.
[e] Beyond the Directive.
[2] Durant
[3] Ezsias
[4] Asociación Nacional
[5] The Right to Be Forgotten (“RTBF”)
[a] Opinion of the CJEU.
[b] Opinion of the Advocate General.
[c] Article 29 Working Party.
[d] Google’s Response.
[e] Camera di Commercio v. Manni
[f] EU Member State DPAs and Courts.
[g] US Sightings of the RTBF.
[6] ICANN Conflict with EU General Data Protection Regulation
APPENDIX 31 — CHAPTER APPENDIX
§ 31App.01. General Data Protection Regulation (“GDPR”), enforceable May 25, 2018.
§ 31App.02. Directive on Processing for Criminal Proceedings
§ 31App.03. Directive on Anti-Terrorism Processing of Passenger Name Record Data
§ 31App.04. EU Data Protection Directive, approved 1995, repealed by the GDPR with effect from May 25, 2018.
§ 31App.05. Ponemon Comparison of EU/US Actual Privacy
§ 31App.06. EU ePrivacy Directive
CHAPTER 32 — CROSS-BORDER TRANSFER OF PERSONAL DATA FROM THE EUROPEAN UNION
§ 32.01. Overview
§ 32.02. Key Practice Insights
§ 32.03. Applicability of the EU Directive to Cross-Border Transfer
§ 32.04. What is “transfer to a third country”?
§ 32.05. Modes of Lawful Data Transfer from the EU
[1] Overview
[2] Adequacy
[3] Safe Harbor
[a] Establishment and Framework.
[b] Safe Harbor Obligations and Exceptions.
[c] The Safe Harbor Principles.
[d] The Frequently Asked Questions (“FAQs”).
[e] Safe Harbor Certification Marks.
[f] Early Review—Is Safe Harbor Working?
[g] The Safe Harbor Enforcement Regime.
[h] Safe Harbor Enforcement Proceedings.
[i] The Nuts and Bolts of Self-Certifying to Safe Harbor.
[j] European Union 2013–2014 Concern about Safe Harbor
[i] The 2013 Press Release.
[ii] The 2013 European Commission Communication.
[iii] Article 29 Working Party.
[k] The Demise of Safe Harbor.
[4] Standard Contractual Clauses
[a] Authorization in the Directive.
[b] Clauses for Use in Transfers to Controllers
[i] Initial Set (2001) of Controller Clauses.
[A] The Decision.
[B] The Clauses.
[C] The Appendices.
[D] The FAQs.
[ii] Alternate Set (2004) of Controller Clauses
[A] The Perceived Need.
[B] The Decision.
[C] The Clauses.
[D] Differences between the 2001 and 2004 Controller Clauses.
[E] The FAQs.
[c] Clauses for Use in Transfers to Processors
[i] Initial Set (2001) of Processor Clauses (now superseded).
[A] The Decision.
[B] The Clauses.
[C] The Appendices.
[ii] Alternative (Now the Only) Set (2010) of Processor Clauses.
[A] The Decision.
[B] The Clauses.
[C] The Appendices.
[d] Clauses for Transfer from Processor to Sub-Processor.
[e] Modified Standard Contractual Clauses.
[5] Binding Corporate Rules/Codes of Conduct (“BCR”)
[a] What are BCR?
[b] The Perceived Need.
[c] DPA Attitudes toward BCR.
[d] Early Difficulties.
[e] The ICC Report.
[f] The Standard BCR Application Form.
[g] Post-Standard Form Developments.
[h] BCR Tools.
[6] Privacy Shield and Its Genesis
[a] Introduction
[b] A Closer Look at the CJEU Schrems Decision
[c] Some EU Misconceptions
[i] Misconception: that US National Security Law is Less Protective of Privacy than is EU Law
[A] The Hogan Lovells Study.
[B] The Sidley “Essentially Equivalent” Study.
[C] The Oxford Institute Paper.
[D] Recent Changes to US Surveillance Law and Policy.
[I] Surveillance Outside FISA—Executive Order 12333 and Presidential Policy Directive 28.
[E] Recent Changes and Proposed Changes to EU Surveillance Law.
[F] A Comparison of Surveillance Privacy-Sensitivity.
[ii] Misconception: that PRISM (i) Provides No Significant Benefits, and (ii) Is Insensitive to Privacy Concerns.
[A] PRISM Provides Significant Intelligence Benefits.
[B] PRISM Is not a Bulk Collection Program.
[iii] The EU’s Misdirected Focus Solely on US Surveillance.
[d] Why No Proportionality Analysis?
[i] A Dichotomy: The Charter and the Convention.
[ii] Pertinent ECtHR Decisions.
[e] The Disconnect from the US Perspective
[f] The Judicial Redress Act—The Sleeves out of our Vest
[i] Introduction.
[ii] The Judicial Redress Act.
[iii] The Privacy Act.
[A] No Right to Restrict Collection under the Privacy Act.
[B] The Privacy Act Exemption.
[C] Insufficient Privacy Act Sanctions.
[D] The JRA “Designation” Loophole.
[iv] Redress Requirement of the CJEU Schrems Decision.
[v] Trump Executive Order’s Effect on Protection of Personal Data of non-US Persons.
[g] Privacy Shield—Will It Pass Muster at the CJEU?
[i] The Initial Privacy Shield Proposal.
[ii] Criticism of the Initial Privacy Shield Proposal.
[iii] The Final Privacy Shield Framework
[iv] The European Commission’s Adequacy Decision
[v] WP29’s Parting Shot.
[vi] Is Privacy Shield Adequate?
[vii] Enforcement.
[h] Article 29 Working Party Privacy Shield FAQs.
[i] Swiss Privacy Shield.
[j] Privacy Shield Annual Reviews.
[k] Conclusion.
[l] EC Inquiry into Automated Decision-Making.
[7] US-EU “Umbrella Agreement”
§ 32.06. How Transfers Are Actually Being Effected
[1] Overview.
[2] Advantages and Disadvantages of the Various Export Methods
[a] Adequacy of Foreign Law.
[b] Unambiguous Consent.
[c] Necessities.
[d] Transfer of Information in a Public Register.
[e] Standard Contractual Clauses.
[f] Binding Corporate Rules.
[g] Privacy Shield.
§ 32.07. OK, So How Should My Client Transfer Data from the EU?
[1] The Pertinent Criteria
[2] The Available Transfer Mechanisms
[3] Some Helpful Suggestions
[4] Suggestions of the UK DPA
§ 32.08. Specific Problem Areas in EU-US Transfer
[1] Overview
[2] Airline PNR Data
[a] Introduction.
[b] Back and Forth.
[c] Present Status.
[d] Canadian PNR.
[3] The Anonymous Whistleblower Debate
[a] Introduction.
[b] The CNIL Guidelines.
[c] The CNIL Unique Authorization.
[d] The CNIL FAQs.
[e] Best Practices for a Hotline in France.
[f] Article 29 Working Party.
[g] EU Correspondence with the SEC.
[h] The Netherlands.
[4] The SWIFT Matter
[a] Introduction.
[b] The EU Reaction.
[c] The EU Demand for Action.
[d] Disposition of the EU Dispute.
[e] Disposition of the Belgian Dispute.
[f] Investigation After Snowden Disclosure.
[5] US Discovery vs. EU Data Protection
[a] Introduction.
[b] US Discovery Law—The Irresistible Force
[i] Obligations to Produce and Preserve.
[ii] Which Documents are Subject to Discovery?
[iii] US Court Recognition of Privacy Considerations.
[c] EU Data Protection Law—The Immovable Object.
[d] The Conflict.
[e] US Precedent.
[f] What’s Different this Time.
[g] Light at the End of the Tunnel?
[i] The Article 29 Working Party Document.
[ii] The CNIL Deliberation.
[iii] Comparison: Document and Deliberation.
[h] A Call for Comity.
[i] A Few Suggestions.
§ 32.09. Data Protection Issues in Outsourcing
[1] Sources of Data Protection Obligations in Outsourcing
[2] General Data Protection Considerations in Outsourcing.
[3] Offshore Outsourcing
[a] The Importance of Transferee Law.
[b] The Importance of Transferor Law.
[c] The Importance of Third Party Law.
[d] Contractual Considerations.
[e] Beyond the Law (and the Contracts).
[4] Domestic Outsourcing.
[5] Consumer Privacy Concerns in Outsourcing.
[6] Survey: U.S. Nationals’ Perceptions About Outsourcing Personal Data.
APPENDIX 32 — CHAPTER APPENDIX
§ 32App.01. EU-US Safe Harbor Principles & FAQs
§ 32App.02. EU Standard Controller Clauses
§ 32App.03. EU Standard Controller FAQs
§ 32App.04. EU Alternative Standard Controller Clauses
§ 32App.05. EU Alternative Standard Controller FAQs
§ 32App.06. EU Standard Processor Clauses (2010)
§ 32App.07. EU Model Binding Corporate Rules Application
ANNEX 1: COPY OF THE FORMAL BINDING CORPORATE RULES
§ 32App.08. EU 2004 Report on Safe Harbor Implementation
§ 32App.09. WP 107 re Adequate Safeguards from BCRs
§ 32App.10. WP 108 re Model Checklist for BCRs
§ 32App.11. CNIL Whistleblowing Guidelines
§ 32App.12. EU Commission re FAQs on Export from EEA
I. Introduction
II. Step-by-step decision-making process
III. Glossary
IV. Frequently Asked Questions: table
V. Frequently Asked Questions relating to the transfer of personal data from the EU/EEA to third countries
CHAPTER 33 — THE ASIA PACIFIC ECONOMIC COOPERATION (APEC) PRIVACY FRAMEWORK
§ 33.01. Overview
§ 33.02. Key Practice Insights
§ 33.03. Member Economies
§ 33.04. APEC Privacy Framework
[1] Overview.
[2] Nature and Purpose of Framework.
[3] Preamble.
[4] Scope.
[5] Principles.
[6] Implementation.
[7] Some Discrete Member Economy Steps.
[8] Certification
§ 33.05. APEC Cross-Border Activities
[1] Overview.
[2] Cross-Border Privacy Rules (“CBPRs”)
[a] 2005 Activities.
[b] U.S. Participation.
[c] CBPR Activity.
[d] 2016 and Beyond Assessment of CBPR.
[3] The Pathfinder Projects.
[4] The APEC Cross-Border Privacy Enforcement Arrangement (“CPEA”)
[5] Status Report—2014
APPENDIX 33 — CHAPTER APPENDIX
§ 33App.01. APEC Framework
CHAPTER 34 — THE NEED FOR A SINGLE GLOBAL DATA PROTECTION PARADIGM
§ 34.01. Overview
§ 34.02. The EU Privacy Regime
§ 34.03. Which Regime Offers More Actual Privacy—US or EU?
[1] Introduction.
[2] The Present Situation.
[3] The “Inadequate” US Privacy Regime.
[4] Structure of the Privacy Regimes.
[5] Inadequate US Laws?
[6] US Intelligence Surveillance.
[7] And then There’s Safe Harbor.
[8] Looking into the Crystal Ball.
[9] Closing Remarks.
§ 34.04. Other Data Protection Regimes
§ 34.05. The Landscape Confronting Multinationals
§ 34.06. Outsourcing of Jobs
§ 34.07. Need for a Different Regime
§ 34.08. Three Considerations Highlight Need for Single Global Paradigm
[1] Difference in Perspective #1: EU/US.
[2] Difference in Perspective #2: EU/Multinationals.
[3] Difference in Perspective #3: EU/APEC.
§ 34.09. Acknowledgment of the Need for Harmonization
§ 34.10. Where Do We Go From Here?
Chapters 35–40 — [Reserved]
PART IV. Specific Privacy Issues
CHAPTER 41 — HOW TO DRAFT A PRIVACY POLICY
§ 41.01. Overview
§ 41.02. The OECD Guidelines
§ 41.03. Considerations
[1] Before Drafting
[2] While Drafting
[3] After Drafting
§ 41.04. Content
[1] Notice
[2] Collection and Use
[3] Choice
[4] Disclosure
[5] Access and Correction
[6] Security.
[7] Communications.
§ 41.05. Presentation
CHAPTER 42 — BEHAVIORAL ADVERTISING
§ 42.01. Overview
§ 42.02. The Nature and Status of Online Behavioral Advertising
§ 42.03. Use of Online Behavioral Advertising
§ 42.04. Do Consumers Care about Privacy?
§ 42.05. The Federal Trade Commission Position
[1] FTC Staff Reports on Behavioral Advertising.
[2] The 2012 FTC Report.
[3] The 2016 FTC Online Tracking Guidance.
[4] FTC Proceedings.
§ 42.06. Self-Regulatory Efforts
[1] Self-Regulation Generally.
[2] The Digital Advertising Alliance’s Self-Regulatory Principles.
[3] Do Not Track
[a] What is “Do Not Track”?
[b] Browsers with DNT as Default Setting.
[c] Positions on DNT by Default.
[d] History of the W3C Process.
[e] More Recent OBA Developments.
§ 42.07. The New York Behavioral Advertising Bill
[1] The Bill.
[2] Reaction to the Bill.
[3] Effect of a State Behavioral Advertising Law.
§ 42.08. The European Union Weighs In
[1] Overview.
[2] The General Data Protection Regulation.
[3] The Draft e-Privacy Regulation.
[4] Other Pertinent Events.
§ 42.09. Constitutionality of Restricting Behavioral Advertising
§ 42.10. Killing the Goose that Laid the Golden Egg?
§ 42.11. The Missing Element in the OBA Debate
§ 42.12. The Issues
[1] What Type of OBA (if any) Should Be Regulated?
[2] What Should DNT Mean?
[3] Should a DNT Default Be Recognized?
[4] Who Should Regulate OBA?
[5] What are the Funding Realities of the WWW?
Appendix 42.01 — CHAPTER APPENDIX
§ 42.08. The European Union Weighs In
[1] Article 29 Working Party Opinion WP148.
[2] Amendment of the e-Privacy Directive.
[3] Article 29 Working Party WP171.
[4] Other Pertinent Events.
CHAPTER 43 — PRIVACY AND SECURITY ISSUES IN CLOUD COMPUTING
§ 43.01. The Genesis of Cloud Computing
§ 43.02. What Is Cloud Computing?
§ 43.03. Essential Characteristics, Service Models, and Deployment Models
§ 43.04. The Economics of Cloud Computing
§ 43.05. Cloud Privacy and Security Overview
§ 43.06. An Early Incident
§ 43.07. US Statutory Data Transfer Restrictions
§ 43.08. Privacy Policies and Terms of Use
§ 43.09. Effect of the Cloud on Privilege
§ 43.10. The Cloud and Professional Ethics
§ 43.11. The FTC Position on Security on Cloud Computing
§ 43.12. Conflicts of Law Issues
§ 43.13. A Few Practical Privacy and Security Problems
[1] Reliability and Security Issues
[2] Security Audit Requirements
[3] Insurance
[4] Termination
[5] Ease of Discovery
[6] Effect of Provider’s Bankruptcy
§ 43.14. Government Access to Data in the Cloud
§ 43.15. Cross-Border Transfer Privacy Issues
§ 43.16. Cheap Shots: EU Privacy, the USA PATRIOT Act, and Cloud Computing
[1] Cheap Shots
[2] The Allegations
[3] The Conflict of Law
[4] The Hogan Lovells White Paper
§ 43.17. Other Issues in Cloud Computing
§ 43.18. Conclusion
CHAPTER 44 — PRIVACY AND THE BOTTOM LINE
§ 44.01. Overview
§ 44.02. Why Good Privacy Can Benefit the Bottom Line
[1] Reduced Risk of Sanctions
[2] More Effective Use of Information
[3] Reduced Risk of Damage from Contractor Malfeasance
[4] Reduced Customer Defection
[5] Reduced Probability of Brand Damage
[6] Enhanced Consumer Image
[7] Avoidance of Monetary Cost Associated with a Data Breach
[8] Improved Employee Morale
[9] Better Protection against Discontented Employees
[10] Enhanced Suitability for Merger/Acquisition
[11] Less Likely Target for Litigation by Competitors
[12] Greater Flexibility in Bankruptcy Proceedings
§ 44.03. Conclusion
CHAPTER 45 — RADIO FREQUENCY IDENTIFICATION (RFID)
§ 45.01. Overview
§ 45.02. RFID Technology
§ 45.03. RFID Applications
§ 45.04. Consumer Issues
§ 45.05. Applicable Privacy Law
CHAPTER 46 — SECURITY
§ 46.01. Security
[1] Importance of Restricting Internal Access to Data.
[2] Interagency Guidelines Establishing Information Security Standards.
[3] Critical Infrastructure Cybersecurity Framework.
[4] Payment Card Industry Processing Standards—Should They Be Embedded in Law?
[5] New York Agencies.
[6] Massachusetts Written Information Security Program.
[7] Other Treatment of Security Matters.
[8] Westermeier on Security.
APPENDIX 46 — INFORMATION SECURITY
I. LEGAL DUTY TO PROVIDE SECURITY
II. EMERGENCE OF A LEGAL STANDARD
1. Overview of FTC Cases.
2. Suggested Best Practices.
3. Risk Assessment.
III. DEVELOPING LEGAL DEFINITION OF “REASONABLE SECURITY”
(1) In the Matter of Fajilan and Associates, Inc., d/b/a Statewide Credit Services, FTC File No. C-4332 (Aug. 17, 2011)
(2) In the Matter of Rite Aid Corporation, FTC File No. 0723121 (July 27, 2010)
(3) In the Matter of Twitter, Inc., FTC File No. 092-3093 (June 24, 2010)
(4) In the Matter of Dave & Busters, Inc., FTC File No. 082 3153 (March 25, 2010)
(5) In the Matter of Genica Corporation, FTC File No. 082 3113 (February 5, 2009)
(6) In the Matter of Premier Capital Lending, Inc., FTC File No. 0723180 (Nov. 6, 2008)
(7) In the Matter of the TJX Companies, Inc., FTC File No. 0723055 (March 27, 2008)
(8) In the Matter of Reed Elsevier, Inc. and SEISINT, Inc., FTC File No. 0523094 (March 27, 2008)
(9) In the Matter of Goal Financial, LLC (FTC File No. 072 3013—March 4, 2008)
(10) In the Matter of Life Is Good, Inc., FTC File No. 072 3046 (January 17, 2008)
(11) In the Matter of Guidance Software, Inc., FTC File No. C-4187 (March 30, 2007)
(12) In the Matter of Nations Title Agency, Inc., FTC File No. 052 3117 (May 10, 2006)
(13) In the Matter of CardSystems Solutions Inc., FTC File No. 05223148 (Sept. 5, 2006)
(14) In the Matter of DSW Inc., FTC File No. 052-3096 (March 14, 2006)
(15) In the Matter of Superior Mortgage Corp., FTC File No. 0523136 (Sept. 28, 2005)
(16) In the Matter of BJ’s Wholesale Club, Inc., FTC File No. 042-3160 (June 16, 2005)
(17) In the Matter of Petco Animal Supplies, Inc., FTC File No. 032-3221 (Nov. 17, 2004)
(18) In the Matter of MTS, Inc., d/b/a Tower Records/Books/video, FTC File No. 032-3209 (April 21, 2004)
(19) In the Matter of Guess?, Inc., FTC File No. 022-3260 (July 30, 2003)
(20) In the Matter of Microsoft Corporation, FTC File No. 012-3240 (Aug. 8, 2002)
(21) In the Matter of Eli Lilly and Company, FTC File No. 012-3214 (May 8, 2002)
IV. PEER-TO-PEER FILE SHARING
(1) In the Matter of EPN, Inc., FTC File No. 112 3143 (June 7, 2012)
(2) In the Matter of Franklin’s Budget Car Sales, Inc., FTC File No. 102-3084 (June 7, 2012)
(3) Federal Trade Commission v. Frostwire LLC, Case No. 1.11-CV-23643, FTC File No. 112 3041 (S.D. Fla. Oct. 11, 2011) (Closed Civil Case)
V. MASSACHUSETTS REGULATION
VI. DUTY TO DISCLOSE BREACHES
A. Virginia Breach Notification Statute.
B. DC Breach Notification Statute.
C. Maryland Breach Notification Statute.
D. Contents of Breach Notification.
VII. SEC GUIDANCE
VIII. RECOMMENDED SECURITY PRACTICES
A. Better Business Bureau Checklist.
B. Payment Card Requirements.
IX. CONTRACT PROTECTION
A. Software Development.
B. Top 25 Software Errors.
C. Security Training.
D. Defining Security Requirements.
E. Secure Design.
F. Background Checks.
G. Risk Assessments.
H. Mitigation of Errors.
I. Performance.
J. Vulnerability Tests.
K. Patches and Updates.
L. No Malicious Code.
M. No Disabling Mechanisms.
X. LEGAL BATTLE PLANS
XI. FORENSIC SOFTWARE TOOLS
XII. ETHICAL CONSIDERATIONS
XIII. CONCLUSION
CHAPTER 47 — TRANSACTIONAL PRIVACY ISSUES
§ 47.01. Introduction
[1] The Role of Privacy in Transactions
§ 47.02. Due Diligence
[1] Introduction
[2] Data Protection Officer
[3] Legal Basis for Processing
[4] Privacy Impact Assessments
[5] Data Portability
[6] Automated Decisions
[7] Security
[8] Notice of Data Subject Rights
[9] Buyer’s Continued Use/Disclosure of Target’s Data
[10] Consent
[11] Children’s Verifiable Consent
[12] Processors
[13] Training
[14] Documentation of Processing
[15] Data Breach Notification and History
[16] Data Importation
§ 47.03. Contract Terms
[1] Introduction
[2] Insurance
[3] Price