Privacy Regulations: applied science
Privacy regulations are essential laws and policies designed to safeguard digital privacy and manage access to online data and devices. These regulations face unique challenges due to the global nature of the Internet, leading many users worldwide to advocate for unified global standards. In the United States, while there is no overarching consumer privacy law, specific protections exist for certain types of digital information, such as medical and financial data. The absence of a general privacy law means that various federal and state statutes govern access to digital data, often based on specific categories of information or the context of use.
Key federal laws include the Computer Fraud and Abuse Act (CFAA), which criminalizes unauthorized computer access, and the Electronic Communications Privacy Act (ECPA), which offers limited protections for electronic communications. However, the ECPA has faced criticism for becoming outdated with the rise of web-based email services. After events such as the September 11 attacks, laws like the PATRIOT Act expanded governmental surveillance capabilities, complicating the privacy landscape. Additionally, states like California have pioneered regulations mandating clear privacy policies and user consent, reflecting a growing demand for enhanced privacy protections at the local level. As digital technology continues to evolve, the dialogue surrounding privacy regulations remains critical, highlighting the intersection of personal data ownership and consumer rights.
Fields of Study
Privacy; Information Systems
Abstract
Privacy regulations are laws and policies put in place to protect digital privacy and to regulate access to digital data and equipment. While US law has no general consumer privacy protection laws, it does protect certain types of digital data, including medical and financial data.
Privacy Protections
As of 2016, the United States has no general laws protecting computer privacy. However, access to computers and certain types of digital data is restricted by various federal and state laws. While the US Constitution has no specific provision protecting the right to privacy, the Supreme Court has repeatedly interpreted several amendments to implicitly guarantee it. For example, the Fourth Amendment protects against unwarranted search and seizure. This has been taken to apply to an individual's personal communications. With advances in digital technology, millions of Americans have begun lobbying for new protections specifically for digital communication and data.
General Federal Privacy Laws
Within an organization, permission to access digital data may be restricted according to a system of access levels. In such a system, users are grouped into categories with varying levels of computer clearance. Network administrators usually have access to all data and operations. Users at other levels may have more limited access. In corporate and government systems, users are prohibited from accessing computers or data beyond their access level.
The Computer Fraud and Abuse Act (CFAA) of 1986 amended the United States Code statutes on federal crimes and criminal procedures. This act made unauthorized access to computer systems involved in interstate or foreign communications a federal offense. It allows for the prosecution of persons who attempt to gain unlawful computer access. The CFAA was specifically designed to protect government and financial institutions.
Also in 1986, Congress passed the Electronic Communications Privacy Act (ECPA). This law extended wiretap restrictions to apply to electronic data transmissions as well as pen/trap devices. It also specified what information Internet service providers (ISPs) cannot disclose about their users. One category of protected information is electronic communications, such as e-mails. However, the ECPA only protects e-mail stored on an ISP server for 180 days. After that time, the government can compel the ISP to disclose it. The ECPA has been criticized for not keeping pace with Internet technology. When the ECPA was first passed, ISPs only stored a user's e-mail for a short time, until it was downloaded to the user's computer. This changed with the emergence of web-based e-mail services. E-mail ISPs store users' e-mails on their servers indefinitely, often until the users delete them. Under the ECPA, all of these e-mails can be freely accessed after 180 days. Had they been downloaded to a computer and deleted from the server instead, they could not be accessed without a warrant.
After the September 11, 2001, terrorist attacks, Congress passed the PATRIOT Act. This act gave federal agencies increased powers to monitor digital communications in order to prevent terrorism. It also specified that pen/trap restrictions apply to routing information from electronic communications as well. This technically extends privacy protections, but also allows government agencies to compel ISPs to provide routing information instead of having to gather it themselves.
Provisional Privacy Regulations
A number of US federal regulations protect certain types of consumer data. For instance, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 regulates the collection and use of medical information. Organizations with access to someone's health care data may not disclose the data without permission from that person. HIPAA mainly applies to health care providers and pharmacies. Similarly, the Fair Credit Reporting Act of 1970 limited the use of individual personal and financial information by consumer credit reporting agencies. Other such laws include the Privacy Act (1974), the Tax Reform Act (1976), and the Electronic Fund Transfer Act (1978). These laws were not necessarily designed to protect electronic data. Nevertheless, they form the basis of Internet privacy regulations. However, many Americans feel that more general privacy laws are necessary.
Ownership of Data and State Laws
One recent controversy in digital privacy concerns the ownership of digital data. Data transmitted through cell phones and ISPs become partially the property of the service provider. ISPs and social media websites have mined user data to market products to users and, in some cases, to share their information with third parties. As there are no specific federal laws against this, several state legislatures have restricted corporate access to digital data. California, Connecticut, and Delaware have all passed laws requiring commercial websites to clearly disclose corporate privacy policies and to comply with "Do Not Track" requests from users, especially when collecting personal information. In 2003, Minnesota prohibited ISPs from disclosing a user's Internet habits or history without their permission. These statutes were the first US state laws intended to protect individuals' Internet privacy. In October 2015, California adopted the California Electronic Communications Privacy Act, hailed as the nation's most comprehensive digital privacy law to date.