Treatise

Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age

 by Kristen J Mathews, Proskauer Rose LLP
 
 Copyright: 2006-2015
 Last Updated: May 2015

Product Details

  • ISBN Number: 9781402408048
  • Page Count: 568
  • Number of Volumes: 1
  • The purchase of PLI titles may include Basic Upkeep Service, whereby
    supplements, replacement pages and new editions may be shipped
    to you immediately upon publication for a 30-day examination. This
    service is cancelable at any time.

“Resources such as Proskauer on Privacy are invaluable reference tools for the growing ranks of privacy professionals in the marketplace.”
—J. Trevor Hughes, Executive Director, International Association of Privacy Professionals

“A must-have for every professional who has a serious interest in this field, as well as for the newbie who wants to learn the ‘ins and outs’ of privacy from a legal perspective.”
—Doron Rotman, Managing Director, National Privacy Service Leader Advisory, KPMG LLP

Today’s hodgepodge of privacy and data security standards creates greater compliance burdens for corporations, employers, public agencies, and legal advisers. Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age reduces those costly burdens. This comprehensive, one-stop reference covers the laws governing every area where data privacy and security is potentially at risk — including government records, electronic surveillance, the workplace, medical data, financial information, commercial transactions, and online activity, including communications involving children.

Proskauer on Privacy provides essential details on how to develop compliance programs that help your entity satisfy federal and state standards, ensure data privacy and security, prevent cybercrime, and help entities avoid fines, penalties, litigation, damages, and negative publicity. Proskauer on Privacy also examines Europe’s rigorous privacy and data security standards, the laws in Canada, Australia, Japan, China, Hong Kong, India, Russia, and Dubai, as well as legal initiatives in California and other states.

Edited by the head of Proskauer’s Privacy and Data Security Group, Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age is vital reading for privacy and data security professionals and corporate attorneys, executives, managers, and human resources personnel, as well as for federal and state regulators.

  Preface
  Table of Contents
  Introduction
Chapter 1: A Brief History of Information Privacy Law
Chapter 2: Financial Privacy Law; and Appendices 2A-2B
Chapter 3: Medical Privacy
Chapter 4: Federal Trade Commission Enforcement of Privacy
Chapter 5: State Privacy Laws
Chapter 6: Privacy of Electronic Communications
  • § 6:1 : Introduction
    • § 6:1.1 : Purpose and History of the ECPA
    • § 6:1.2 : Amendments to the ECPA
  • § 6:2 : Title I—The Wiretap Act
    • § 6:2.1 : Communications Covered
      • [A] : Oral Communications
        • [A][1] : Expectation of Privacy
        • [A][2] : Silent Video
      • [B] : Wire Communications
        • [B][1] : Cordless Phones
        • [B][2] : Voice Mail
      • [C] : Electronic Communications
    • § 6:2.2 : Intentional Interception of Communications
      • [A] : “Intercept”
        • [A][1] : Contemporaneous Acquisition Requirement
        • [A][2] : Access to Temporarily Stored Emails
        • [A][3] : Access to Telephone Numbers or Other Associated Information
        • [A][4] : Keyloggers and Screen Captures
      • [B] : Intent
    • § 6:2.3 : Use or Disclosure of an Intercepted Communication
    • § 6:2.4 : Exceptions
      • [A] : Communications Service in Normal Course of Business
      • [B] : Consent by a Party to a Communication
        • [B][1] : Implied Consent
        • [B][2] : Tortious or Criminal Purpose Exception
        • [B][3] : The Case of “Cookies”
  • Figure 6-1 : Placing Third-Party Advertisements on a Website
    • [C] : Business Extensions
    • [D] : Communications to the Public
    • [E] : First Amendment
    • § 6:2.5 : Private Cause of Action
      • [A] : Litigating Wiretap Act Claims
      • [B] : Limitations
      • [C] : Damages
      • [D] : Good-Faith Defense
    • § 6:2.6 : State Wiretap Acts
  • § 6:3 : Title II—Stored Communications Act
    • § 6:3.1 : Access to Stored Communications
      • [A] : Electronic Communication Service Facility
      • [B] : “Unauthorized Access”
        • [B][1] : Privacy Policies
        • [B][2] : Subpoenas
        • [B][3] : Exceeding Authorized Access
      • [C] : “Electronic Storage”
        • [C][1] : Cookies and Other Data Stored on Computers
      • [D] : Exceptions
        • [D][1] : Access Authorized by a Service Provider
        • [D][2] : Access Authorized by a Party
    • § 6:3.2 : Disclosures by Communications Services
      • [A] : Disclosures Prohibited Under Section 2702
        • [A][1] : Contents of Communications
          • [A][1][a] : Exceptions
        • [A][2] : Customer Records
          • [A][2][a] : Exceptions
        • [A][3] : Anti-Pretexting Laws
      • [B] : Disclosures to the Government Required Under Section 2703
    • § 6:3.3 : Private Cause of Action
      • [A] : Damages
  • § 6:4 : Title III—Pen Registers and Trap-and-Trace Devices
Chapter 7: The Foreign Intelligence Surveillance Act
Chapter 8: Privacy and Homeland Security; and Appendices 8A-8F
Chapter 9: Workplace Privacy Law
  • § 9:1 : Selection of Employees
    • § 9:1.1 : Pre-Employment Inquiries
      • [A] : Inquiries Regarding Race, Sex, Religion, and Other Protected Characteristics
      • [B] : Disability-Related Inquiries
      • [C] : Psychological Testing and Examinations
      • [D] : Union Status
      • [E] : Litigation History
    • § 9:1.2 : References
    • § 9:1.3 : Blacklisting
  • § 9:2 : Collection of Personal Information
    • § 9:2.1 : Medical Information
      • [A] : Health Insurance Portability and Accountability Act of 1996
      • [B] : HIV/AIDS
      • [C] : Confidentiality of Patient Medical Records
        • [C][1] : Federal Law
        • [C][2] : State Law
    • § 9:2.2 : Past Criminal and Arrest Records
      • [A] : Federal Law
        • [A][1] : Title VII
        • [A][2] : Intelligence Reform and Terrorism Prevention Act
      • [B] : State and Local Law
        • [B][1] : Generally
        • [B][2] : “Ban-the-Box” Laws
    • § 9:2.3 : Fingerprints and Photographs
    • § 9:2.4 : Financial Data
      • [A] : Federal Law
        • [A][1] : Fair Credit Reporting Act of 1970
        • [A][2] : Fair and Accurate Credit Transactions Act
      • [B] : State Law
    • § 9:2.5 : Educational Records
      • [A] : Federal Law
      • [B] : State Law
    • § 9:2.6 : Personal Identification Information
      • [A] : Information Stored on Computers
      • [B] : Social Security Numbers
      • [C] : Motor Vehicle Information
      • [D] : Verification of Employment Eligibility: E-Verify
    • § 9:2.7 : Access to Personnel Records
    • § 9:2.8 : Genetic Information
  • § 9:3 : Policies Regulating Employee Conduct
    • § 9:3.1 : Sexual Conduct, Intimate Relationships, Fraternization, Procreation, Marriage
      • [A] : Common-Law Claims—Private Employees
        • [A][1] : Invasion of Privacy
          • [A][1][a] : Public Disclosure of Private Facts
          • [A][1][b] : Intrusion upon Seclusion
        • [A][2] : Wrongful Termination in Violation of Public Policy
      • [B] : Statutory Claims
      • [C] : Constitutional Privacy Right
    • § 9:3.2 : Grooming and Dress Codes
      • [A] : Mutable Versus Immutable Characteristics
      • [B] : Hair Length and Style
        • [B][1] : Federal Law
        • [B][2] : State Law
      • [C] : Beards and Moustaches
        • [C][1] : Federal Law
        • [C][2] : State Law
      • [D] : Dress Codes
        • [D][1] : Federal Law
        • [D][2] : State Law
      • [E] : Gender Identity Issue
    • § 9:3.3 : Polygraphs and Lie Detector Tests
    • § 9:3.4 : Genetic Testing
    • § 9:3.5 : Drug and Alcohol Use
      • [A] : Federal Law
        • [A][1] : Constitution
        • [A][2] : Americans with Disabilities Act (ADA)
        • [A][3] : Other Federal Statutes and Regulations
      • [B] : State Laws
        • [B][1] : Constitutions
        • [B][2] : Statutes
      • [C] : Contractual and Common Law Theories of Liability
    • § 9:3.6 : Smoking
      • [A] : Restrictions on Smoking in the Workplace
      • [B] : Off-Duty Smoking
    • § 9:3.7 : Disclosure of Wages
    • § 9:3.8 : Blogging and Cybersmearing
      • [A] : Validity of Employee Confidentiality Policies
      • [B] : Potential Causes of Action
        • [B][1] : Private Blogs and the Stored Communication Act
        • [B][2] : Trespass to Chattels
        • [B][3] : Defamation
  • § 9:4 : Surveillance of Employees
    • § 9:4.1 : Employer Investigations Generally
    • § 9:4.2 : Physical Searches
      • [A] : Introduction
      • [B] : Public Employer Searches
      • [C] : Private Employer Searches
        • [C][1] : Third-Party Consent
      • [D] : NLRA
    • § 9:4.3 : Email and Internet Use Searches
      • [A] : Notice
      • [B] : Statutory Provisions
        • [B][1] : Federal Law
          • [B][1][a] : The Electronic Communications Privacy Act
            • [A][1][a][i] : Exceptions
          • [B][1][b] : The Federal Computer Fraud and Abuse Act
          • [B][1][c] : NLRA
      • [C] : State Law
    • § 9:4.4 : Instant Electronic Communications
      • [A] : Instant Messaging
      • [B] : Text Messaging
      • [C] : Social Media
    • § 9:4.5 : Eavesdropping, Recording Telephone Conversations, and Video Monitoring
    • § 9:4.6 : Human Tracking Devices
    • § 9:4.7 : USA PATRIOT Act
Chapter 10: Privacy and Commercial Communications
  • § 10:1 : Overview
    • § 10:1.1 : Connection to Privacy Principles and Laws
    • § 10:1.2 : General Considerations
  • § 10:2 : Email Communications
    • § 10:2.1 : Source and Scope of Rules
    • § 10:2.2 : What Is a “Commercial Electronic Mail Message”?
    • § 10:2.3 : Who Is the “Sender”?
    • § 10:2.4 : Consent Requirements
    • § 10:2.5 : Information to Be Included in Each Message
    • § 10:2.6 : Forward-to-a-Friend Features
    • § 10:2.7 : Specific Rules for Messages Sent to Wireless Domains
    • § 10:2.8 : Prohibitions on Fraudulent, Deceptive, and Abusive Practices
    • § 10:2.9 : Additional Rules Regarding Sexually Oriented Material
  • § 10:3 : Telephone Communications
    • § 10:3.1 : Source and Scope of Rules
    • § 10:3.2 : Consent Requirements
      • [A] : Company-Specific Consent Requirements
      • [B] : National Do Not Call Registry
      • [C] : State Do-Not-Call Lists
    • § 10:3.3 : Required Call Content
    • § 10:3.4 : Time and Frequency Restrictions
    • § 10:3.5 : Use of Autodialers, Prerecorded Messages, and Other Technologies
    • § 10:3.6 : Prohibitions on Deceptive or Abusive Telemarketing Practices
    • § 10:3.7 : Record-Keeping and Compliance Requirements
  • § 10:4 : Fax Communication
    • § 10:4.1 : Source and Scope of Rules
    • § 10:4.2 : Consent Requirements
    • § 10:4.3 : Information to Be Included in Each Message
  • § 10:5 : Direct Mail Communications
    • § 10:5.1 : Source and Scope of Rules
    • § 10:5.2 : Restrictions and Prohibitions on Mailing Certain Content
      • [A] : Fraudulent or Deceptive Content
      • [B] : Prohibited or Restricted Advertising Content
      • [C] : Mailings Containing Certain Goods, Samples, Etc.
    • § 10:5.3 : Consent Requirements
      • [A] : Sexually Oriented Advertisements
      • [B] : “Pandering” Advertisements
      • [C] : Sweepstakes and Skill Contests
  • § 10:6 : Text Messaging
    • § 10:6.1 : Source and Scope of Rules
    • § 10:6.2 : What Is a Text Message?
    • § 10:6.3 : Consent Requirements
      • [A] : Messages Sent to a Number
        • [A][1] : Do-Not-Call Rules
      • [B] : Messages Sent to a Username and Domain Name
        • [B][1] : Express Prior Authorization
        • [B][2] : FCC List of Wireless Domains
        • [B][3] : Procedures for Receiving and Honoring Opt-Out Requests
      • [C] : State-Law Consent Requirements
        • [C][1] : California
        • [C][2] : Rhode Island
        • [C][3] : Washington
        • [C][4] : State Spam Laws
    • § 10:6.4 : Sending Automated Text Messages
    • § 10:6.5 : Industry Self-Regulation
      • [A] : Mobile Marketing Association
      • [B] : Direct Marketing Association’s Guidelines for Ethical Business Practice
  • § 10:7 : Social Media
    • § 10:7.1 : Source and Scope of Rules
    • § 10:7.2 : What Is Social Media?
    • § 10:7.3 : Sending Commercial Messages via Social Media
    • § 10:7.4 : Gathering and Using Consumer Data from Social Media Sites
      • [A] : Disclosure of Users’ Personal Information to Third Parties
      • [B] : Address Book Harvesting
      • [C] : Location-Based Services
      • [D] : Computer Fraud Statutes
      • [E] : Industry Self-Regulation of Information Gathering and Distribution
    • § 10:7.5 : Using Social Media Users’ Actions As Advertisements
      • [A] : Advertising Social Media Users’ Activity Within the Social Media Site
      • [B] : Advertising Social Media Users’ Internet Activity Outside the Social Media Site
  • § 10:8 : Conclusions
Chapter 11: The Children’s Online Privacy Protection Act (COPPA)
Chapter 12: The Privacy Act of 1974 and Its Progeny
Chapter 13: Canadian Privacy Law
  • § 13:1 : Nature of the Canadian Privacy Framework
    • § 13:1.1 : Intersecting Federal and Provincial Privacy Regimes
      • [A] : Public Sector
      • [B] : Private Sector
        • [B][1] : Québec
        • [B][2] : Federal
        • [B][3] : Provincial (Other Than Québec)
      • [C] : Personal Health Information
      • [D] : Statutory Tort of Invasion of Privacy
    • § 13:1.2 : Privacy Principles from Common Law
      • [A] : Common-Law Tort of Privacy
      • [B] : Work Product
      • [C] : Surveillance
        • [C][1] : Reasonableness of Surveillance in the Workplace
        • [C][2] : Surveillance Evidence in Litigation
    • § 13:1.3 : Relationship Between the Canadian and European Privacy Regimes
  • § 13:2 : Personal Information
    • § 13:2.1 : Scope of Definition of “Personal Information”
    • § 13:2.2 : Employee Information
    • § 13:2.3 : Carve-Outs from the Obligations Applying to Personal Information
    • § 13:2.4 : Sensitivity of Personal Information
    • § 13:2.5 : Grandfathering Provisions
  • § 13:3 : Nature of Privacy Obligations
    • § 13:3.1 : Consent/Notice Obligations
      • [A] : Generally
      • [B] : Content of the Notice
      • [C] : Withdrawing Consent
      • [D] : Extra-Jurisdictional Transfers of Personal Information
    • § 13:3.2 : Administrative Obligations
    • § 13:3.3 : Access Obligations
    • § 13:3.4 : Breach Notification
      • [A] : Comparison of the Federal and Alberta Models
      • [B] : Differences Between the Federal and Alberta Models
        • [B][1] : Threshold for Reporting a Breach
        • [B][2] : Threshold for Notifying the Affected Individuals
        • [B][3] : Definition of “Significant Harm”
        • [B][4] : Responsibility for Notification
        • [B][5] : Offenses
    • § 13:3.5 : Enforcement
      • [A] : Generally
      • [B] : Powers
      • [C] : Offenses
      • [D] : “Naming and Shaming”
      • [E] : Review of Findings/Appeals
      • [F] : Remedies
  • § 13:4 : Canadian Privacy Law in Transition
    • § 13:4.1 : Recent Changes to Canadian Privacy Law
    • § 13:4.2 : 2010 Changes to the Alberta PIPA
      • [A] : Privacy Policies and Practices
      • [B] : Maintaining Accuracy of Personal Information
      • [C] : Retention and Destruction
    • § 13:4.3 : Proposed Revisions to PIPEDA
      • [A] : Scope of Application
      • [B] : Consent
      • [C] : Consent Exceptions
      • [D] : Definition of “Lawful Authority”
      • [E] : Federal Commissioner’s Proposed 2013 Revisions to PIPEDA
    • § 13:4.4 : Canada’s Anti-Spam Legislation (CASL)
      • [A] : Overview of Canadian, U.S., and U.K. Legislation
      • [B] : Definition of “Commercial” Messages/Communications
      • [C] : Consent
        • [C][1] : “Opt-In” Versus “Opt-Out” Provisions
        • [C][2] : “Natural Persons” Versus “Legal Persons”
      • [D] : Additional Exemptions
      • [E] : Content
      • [F] : Enforcement
      • [G] : Jurisdiction
      • [H] : Compliance Challenges
    • § 13:4.5 : Class Actions and Privacy Litigation
    • § 13:4.6 : Federal Commissioner Decision on Credit-Based Insurance Scores
      • [A] : Introduction
      • [B] : Summary of PIPEDA Report of Findings No. 2012-005
      • [C] : Analysis
  • § 13:5 : Conclusions
Chapter 14: International Privacy Law; and Appendices 14A-14E
Chapter 15: Compliance with the Payment Card Industry Data Security Standard
  • § 15:1 : Introduction
  • § 15:2 : Background
    • § 15:2.1 : Industry Background
    • § 15:2.2 : Federal Consumer Protection Laws
    • § 15:2.3 : Data Security Regulations
      • [A] : Federal Regulation
      • [B] : State Regulation
  • § 15:3 : Development of the Payment Card Industry Data Security Standard
  • § 15:4 : PCI Requirements
    • § 15:4.1 : The Basic Requirements
  • Figure 15-1 : Payment Card Industry Data Security Standard
    • § 15:4.2 : Protecting Stored Data
  • Figure 15-2 : PCI Requirement 3: Protect Stored Cardholder Data
    • § 15:4.3 : Encrypt Transmission of Cardholder Data Across Open, Public Networks
  • Figure 15-3 : Requirement 4: Encrypt Transmitted Data
    • § 15:4.4 : Compensating Controls
    • § 15:4.5 : Payment Applications
  • § 15:5 : Validation
    • § 15:5.1 : Merchant Levels
  • Figure 15-4 : Merchant Levels (Visa CISP)
    • § 15:5.2 : Service Provider Levels
  • Figure 15-5 : Service Provider Levels (Visa CISP)
    • § 15:5.3 : Merchant Validation Requirements
  • Figure 15-6 : Merchant Levels and Validation Requirements (Visa CISP)
    • § 15:5.4 : Service Provider Validation Requirements
  • Figure 15-7 : Service Provider Levels and Validation Requirements (Visa CISP)
    • § 15:5.5 : Corporate Franchise Servicers
  • § 15:6 : After a Compromise
    • § 15:6.1 : Background
    • § 15:6.2 : Initial Steps
    • § 15:6.3 : Monitoring At-Risk Accounts
    • § 15:6.4 : Notification to Issuing Financial Institutions
  • § 15:7 : Enforcement
    • § 15:7.1 : General
    • § 15:7.2 : Recent Enforcement Efforts
    • § 15:7.3 : CardSystems Solutions
    • § 15:7.4 : Other Significant Data Breaches
  • § 15:8 : Continued Development of Cardholder Data Protection
    • § 15:8.1 : Increasing Global Compliance
    • § 15:8.2 : Chip and PIN Security
    • § 15:8.3 : Tokenization
    • § 15:8.4 : Point-to-Point Encryption
    • § 15:8.5 : Mobile Payments
    • § 15:8.6 : Cloud Computing
    • § 15:8.7 : E-Commerce
    • § 15:8.8 : Risk Assessments
Chapter 16: Insurance Coverage for Data Breaches and Unauthorized Privacy Disclosures
Chapter 17: Location Privacy: Technology and the Law
  • § 17:1 : Introduction
  • § 17:2 : Development and Uses of Location-Tracking Technologies
    • § 17:2.1 : Overview
    • § 17:2.2 : Global Positioning Systems
    • § 17:2.3 : Cell Site Location Information
    • § 17:2.4 : Indoor Positioning Systems
      • [A] : Radio Frequency Identification
      • [B] : Other IPS Technologies
    • § 17:2.5 : Vehicle Tracking
    • § 17:2.6 : Unmanned Drones
  • § 17:3 : Government Collection of Location Information
    • § 17:3.1 : Location Privacy Under the Fourth Amendment
    • § 17:3.2 : Government Requests for CSLI
      • [A] : Federal Statutes
      • [B] : Case Law
      • [C] : State Laws
  • § 17:4 : Private Collection and Use of Location Information
    • § 17:4.1 : GPS Tracking
      • [A] : State Laws
      • [B] : Case Law
      • [C] : Industry Self-Regulation
    • § 17:4.2 : Mobile Devices and Applications
      • [A] : Agency Guidance
      • [B] : Recent Litigation
    • § 17:4.3 : Other Location Technologies
      • [A] : Radio Frequency Identification
      • [B] : Vehicle Tracking
  • § 17:5 : Legislative Outlook
    • § 17:5.1 : Federal Proposals
    • § 17:5.2 : State Legislation
  Index

“This is a timely, much-needed book that will be invaluable to practitioners approaching privacy from a wide spectrum of specialties.”
John W. Kropf, Deputy Chief Privacy Officer, Department of Homeland Security