The Regulatory Framework for Privacy and Security

Hiller, Janine S.

doi:10.1007/978-1-4020-9789-8_15

The Regulatory Framework for Privacy and Security

Janine S. Hiller⁴

Chapter
First Online: 01 January 2010

5477 Accesses
1 Citations

Abstract

The internet enables the easy collection of massive amounts of personally identifiable information. Unregulated data collection causes distrust and conflicts with widely accepted principles of privacy. The regulatory framework in the United States for ensuring privacy and security in the online environment consists of federal, state, and self-regulatory elements. New laws have been passed to address technological and internet practices that conflict with privacy protecting policies. The United States and the European Union approaches to privacy differ significantly, and the global internet environment will likely cause regulators to face the challenge of balancing privacy interests with data collection for many years to come.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 259.00; Price excludes VAT (USA)

Softcover Book: USD 329.99; Price excludes VAT (USA)

Hardcover Book: USD 329.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

America Online. (2006). Hey, ‘Donald Trump Wants You!!’ … and other lies told by Spammers in 2005. Retrieved December 4, 2006, from http://daol.aol.com/articles/spam2005
America Online, Inc. v. LCGM, Inc., 46 F. Supp. 2d 444 (E.D.Va., 1998).
Google Scholar
Burgunder, L. (2007). Legal aspects of managing technology (4th ed.). New York, NY: Thomson Higher Education.
Google Scholar
California Database Breach Notification Security Act. (2002). California Civil Code Sections 1798.80-1798.84. Retrieved December 4, 2006, from http://www.leginfo.ca.gov/cgibin/waisgate?WAISdocID=24968225804+0+0+0&WAISaction=retrieve
California Online Privacy Protection Act. (2003). California Business and Professions Code, Sections 22575-22579. Retrieved December 3, 2006, from http://www.leginfo.ca.gov/cgibin/displaycode?section=bpc&group=22001-23000&file=22575-22579
Ciocchetti, C. (2008). Just click submit: The Collection, dissemination, and tagging of personally identifying information. Vanderbilt Journal of Entertainment & Technology Law, 10, 553–642.
Google Scholar
Cogan, J. A. (2005). First ever conviction highlights differing views of HIPAA’s civil and criminal penalties. Medicine and Health Rhode Island. Retrieved November 27, 2006, from http://www.findarticles.com/p/articles/mi_qa4100/is_200501/ai_n9520488
Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act) 15 U.S.C. Sections 7701–7713 (2003).
Google Scholar
DeMarco, D. A. (2006). Understanding consumer information privacy in the realm of internet commerce: Personhood and pragmatism, pop-tarts and six-packs. Texas Law Review, 84, 1013–1065.
Google Scholar
Department of Commerce. (n.d.). Safe harbor overview. Retrieved December 4, 2006, from http://www.export.gov/safeharbor/SH_Overview.asp
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Google Scholar
European Convention for the Protection of Human Rights and Fundamental Freedoms. (1950). Article 8. Retrieved December 4, 2006, from http://ec.europa.eu/justice_home/fsj/privacy/law/treaty_en.htm
Federal Trade Commission. (n.d.). The Children’s Privacy Protection Act. Retrieved December 3, 2006, from http://ftc.gov/privacy/privacyinitiatives/childrens_enf.html
Federal Trade Commission. (n.d.). Pretexting: Enforcement. Retrieved December 3, 2006, from http://www.ftc.gov/privacy/privacyinitiatives/pretexting_enf.html
Federal Trade Commission. (n.d.). Enforcement cases: FTC privacy initiative. Retrieved December 3, 2006, from http://ftc.gov/privacy/privacyinitiatives/promises_enf.html
Federal Trade Commission. (1998). Privacy online: A report to congress. Retrieved December 3, 2006, from http://www.ftc.gov/reports/privacy3/priv-23a.pdf
Federal Trade Commission. (2002). How to comply with the privacy of consumer financial information rule of the Gramm-Leach-Bliley Act. Retrieved December 1, 2006, from http://www.ftc.gov/bcp/conline/pubs/buspubs/glblong.htm
Federal Trade Commission. (2004). The CAN-SPAM Act: Requirements for commercial emailers. Retrieved December 3, 2006, from http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.htm
Federal Trade Commission. (2006). Financial institutions and customer information: Complying with the safeguards rule. Retrieved December 1, 2006, from http://www.ftc.gov/bcp/conline/pubs/buspubs/safeguards.htm
Freedom, Security and Justice, Data Protection, European Union Legislative Documents. Retrieved on December 3, 2006, from http://ec.europa.eu/justice_home/fsj/privacy/law/index_en.htm
Gramm-Leach-Bliley Act. 15 U.S.C. Sections 6801–6809 (2000).
Google Scholar
Hardee, K. A. (2006). The Gramm-Leach-Bliley Act: Five years after implementation, does the Emperor wear clothes? Creighton Law Review, 39, 915–936.
Google Scholar
Health Information Privacy and Accountability Act (HIPAA), Pub. L. No. 104-191, 110 Stat. 1936 (1996).
Google Scholar
Herdon, J. (2004). Who’s watching the kids? The use of peer-to-peer programs to cyberstalk children. Oklahoma Journal of Law and Technology, 1(12). Retrieved December 1, 2006, from http://www.okjolt.org/articles/2004okjoltrev12.cfm
Hiller, J., Belanger, F., Hsiao, M., & Park, J.-M. (2008). POCKET protection. American Business Law Journal, 45, 417–453.
Article Google Scholar
Jaynes, v. Commonwealth, 276 Va. 443, 666 S.E.2d 303 (2008).
Google Scholar
Jaynes v. Commonwealth, 48 Va.App. 673, 634 S.E.2d 357 (2006).
Google Scholar
McClurg, A. J. (2003). A thousand words are worth a picture: A privacy tort response to consumer data profiling. Northwestern University Law Review, 98, 63–143.
Google Scholar
National Conference of State Legislatures. “2006 Breach of Information Legislation.” Retrieved December 1, 2006, from http://www.ncsl.org/programs/lis/cip/priv/breach06.htm
Nehf, J. P. (2005). Shopping for privacy online: Consumer decision-making strategies and the emerging market for information privacy. University of Illinois Journal of Law, Technology and Policy, 2005, 1–53.
Google Scholar
Organisation for Economic Co-operation and Development. (1980). OECD guidelines on the protection of privacy and transborder flows of personal data. Retrieved December 4, 2006, from http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html
Organisation for Economic Co-operation and Development. (1997). Implementing the OECD “Privacy Guidelines” in the electronic environment: Focus on the internet. Retrieved December 4, 2006, from http://www.oecd.org/dataoecd/33/43/2096272.pdf
Organisation for Economic Co-operation and Development, Working Party on Information Security and Privacy. (1998). Ministerial declaration on the protection of privacy on global networks. Retrieved December 4, 2006, from http://www.oecd.org/dataoecd/39/13/1840065.pdf
Organisation for Economic Co-operation and Development. (2006). Report on the cross border enforcement of privacy laws. Retrieved December 4, 2006, from http://www.oecd.org/dataoecd/17/43/37558845.pdf
Reidenberg, J. A. (2003). Privacy wrongs in search of remedies. Hastings Law Journal, 54, 877–898.
Google Scholar
Soma, J. T., Rynerson, S. D., & Beall-Eder, B. D. (2004). An analysis of the use of bilateral agreements between transnational trading groups: The US/EU e-commerce privacy safe harbor. Texas International Law Journal, 39, 171–227.
Google Scholar
United States Department of Health and Human Services. (2003). Summary of the HIPAA privacy rule. Retrieved December 4, 2006, from http://www.hhs.gov/ocr/privacysummary.pdf
University of Georgia Office of Information Security [INFOSEC] Enterprise Information Technology Services. State security breach notification laws. Retrieved December 1, 2006, from http://infosec.uga.edu/policymanagement/breachnotificationlaws.php

Download references

Acknowledgment

This work was supported, in part, by a National Science Foundation CyberTrust Program Grant, #CNS-0524052.

Author information

Authors and Affiliations

School of Business, Virginia Tech, Blacksburg, Virginia, USA
Janine S. Hiller

Authors

Janine S. Hiller
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Janine S. Hiller .

Editor information

Editors and Affiliations

Dept. Political Science, Virginia Tech, Major Williams Hall 531, Blacksburg, 24061, USA
Jeremy Hunsinger
Peachtree St. NE., 620, Atlanta, 30308, USA
Lisbeth Klastrup
Fac. Media, Society & Culture, Curtin University, Kent St., Bentley, 6102, Australia
Matthew Allen

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Hiller, J.S. (2009). The Regulatory Framework for Privacy and Security. In: Hunsinger, J., Klastrup, L., Allen, M. (eds) International Handbook of Internet Research. Springer, Dordrecht. https://doi.org/10.1007/978-1-4020-9789-8_15

Download citation

DOI: https://doi.org/10.1007/978-1-4020-9789-8_15
Published: 05 March 2010
Publisher Name: Springer, Dordrecht
Print ISBN: 978-1-4020-9788-1
Online ISBN: 978-1-4020-9789-8
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics