Abstract
The internet enables the easy collection of massive amounts of personally identifiable information. Unregulated data collection causes distrust and conflicts with widely accepted principles of privacy. The regulatory framework in the United States for ensuring privacy and security in the online environment consists of federal, state, and self-regulatory elements. New laws have been passed to address technological and internet practices that conflict with privacy-protecting policies. The United States and European Union approaches to privacy differ significantly, and the global internet environment will likely cause regulators to face the challenge of balancing privacy interests with data collection for many years to come.
Acknowledgment
This work was supported, in part, by a National Science Foundation CyberTrust Program Grant, #CNS-0524052.
Copyright information
© 2009 Springer Science+Business Media B.V.
About this chapter
Cite this chapter
Hiller, J.S. (2009). The Regulatory Framework for Privacy and Security. In: Hunsinger, J., Klastrup, L., Allen, M. (eds) International Handbook of Internet Research. Springer, Dordrecht. https://doi.org/10.1007/978-1-4020-9789-8_15
DOI: https://doi.org/10.1007/978-1-4020-9789-8_15
Publisher Name: Springer, Dordrecht
Print ISBN: 978-1-4020-9788-1
Online ISBN: 978-1-4020-9789-8
eBook Packages: Computer Science, Computer Science (R0)