Government and Court Access to Private-sector Information
Terms in this set (71)
Disclosures required by law
1. The U.S. Food and Drug Administration (FDA) requires health professionals and drug manufacturers to report serious adverse events, product problems or medication errors suspected to be associated with the use of an FDA-regulated drug.
2. The U.S. Department of Labor's Occupational Health and Safety Administration (OSHA) requires compilation and reporting of information about certain workplace injuries and illnesses.
3. Many states require reporting of certain types of injuries and medical conditions, such as abuse, gunshot wounds, immunization records or specific contagious diseases. The Health Insurance Portability Act (HIPAA) permits disclosure of PHI where disclosure is required by law.
4. Bank Secrecy Act
Federal Rule of Civil Procedure 45 says that a subpoena must:
1. State the court from which it was issued
2. State the title of the action and its civil action number
3. Command each person to whom it is directed to do the following at a specific time and place: attend and testify; produce designated documents, electronically stored information or tangible things in that person's possession, custody or control; or permit the inspection of premises.
4. Set out the text of the rules describing a person's right to challenge or modify the subpoena.
Subpoena rule states?
The issuing court may "hold in contempt a person who, having been served, fails without adequate excuse to obey the subpoena." Contempt of court can result in fines or imprisonment.
Law enforcement can get phone numbers called and similar information under a
pen register order.
A judge issues that type of order under the relatively easy-to-meet standard that the information is "relevant to an ongoing investigation."
Stored contents of records may be accessed under a court order defined by 18 U.S.C. 2703(d), which requires the government to provide a judge with?
"specific and articulable facts showing that there are reasonable grounds" to believe communications are relevant to criminal investigations.
Traditional search warrant issued by a judge or magistrate under the
Fourth Amendment to the U.S. Constitution, requires that there is probable cause that a crime has been, is, or will be committed.
Computer trespasser exception (hacker trespasser)
Created by section 217 of the USA PATRIOT Act
In general a law enforcement officer needs to have a court order or some lawful basis to intercept wire or electronic communications. Section 217 permits but does not require, the owner or operator of a computer system to provide such access in defined circumstances.
For computer trespassers, law enforcement can now perform interception if:
1. The owner or operator of the protected computer authorizes the interception of the computer trespasser's communications on the protected computer.
2. The person acting under color of law is lawfully engaged in an investigation.
3. The person acting under color of law has reasonable grounds to believe that the contents of the computer trespasser's communications will be relevant to the investigation.
4. Such interception does not acquire communication other than those transmitted.
In the context of investigations and litigation, evidentiary "privileges" can also prohibit disclosure...Examples include:
which means that an attorney cannot be compelled to testify or produce records about a client concerning matters within the scope of the representation.
Judge determines what information should not be made public and what conditions apply to those who may access the protected information
Rule 26(c) of the Federal Rules of Civil Procedure states:
that a party may seek a protective order providing that confidential information may not be revealed or must be revealed in a particular way, such as "attorneys' eyes only," during litigation.
The moving party must demonstrate good cause, and a court will apply a three part test in deciding whether to grant the request.
1. the resisting party must show the information is relevant and necessary to the case.
2. Requesting party must show that the information is relevant and necessary to the case.
3. Court must weigh the harm of disclosure against the need for the information.
The HIPAA Privacy rule discusses the standards for the "qualified protective order" which applies to?
State courts that are not covered by the federal rules of civil procedure.
Attorneys are required to redact documents so that no more than the following information is included in court filings:
1. Last four digits of SSN and taxpayer ID number
2. The year of the individual's birth
3. If the individual is a minor, only the minor's initials
4. The last four digits of financial account number
Regarding email retention, Sedona Conference offers 4 key guidelines:
1. Email retention policies should be administered by interdisciplinary teams composed of participants across a diverse array of business units.
2. Such teams should continually develop their understanding of the policies and practices in place and identify the gaps between policy and practice.
3. Interdisciplinary teams should reach consensus as to policies, while looking to industry standards.
4. Technical solutions should meet and parallel the functional requirements of the organization.
While it may be an accepted practice to wipe and reimage personal computers after an employee is terminated so that the computer can be provided to a new employee, in order to take advantage of the...
"good faith exception (to discovery obligations), a party needs to act affirmatively to prevent the system from destroying or altering information, even if such destruction would occur in the regular course of business."
Solution: collect forensic images of such devices prior to reassignment.
Initial problems with invasion of privacy concerns related to such retention can be countered by clearly articulating a usage policy for employees...
Example: by discouraging employees from using their company email accounts for personal communications, a company can reduce the future risk of handing over sensitive or embarrassing information when complying with a discovery request.
Similarly, placing limits on the permitted use of company computers may aid in preventing later forensic discovery of hard drives from revealing private information about employees.
Employees should be discouraged from conducting company business on personal devices to prevent the subsequent risk of an invasion of privacy if an employer needs to examine the device.
The production of transborder data may also be avoided by invoking the?
Hague Convention on the Taking of Evidence.
Under the Hague Convention treaty...
The party seeking to displace the Federal Rules of Civil Procedure bears the burden of demonstrating that it is more appropriate to use the Hague Convention and must establish that the foreign law prohibits the discovery sought.
Such prohibitions may be established by expert testimony.
The Hague Convention
Aerospatiale v. S.D. of Iowa reconciliation factors:
• Importance of document or litigation
• Specificity of request
• Origination of information
• Availability of alternate means to secure information
• Undermining important interests of U.S. and foreign states (often referred to as most important)
Once data has been culled for e-discovery, preservation and transport present final considerations.
Data may either be:
"preserved in place" by maintaining it in its native repository
For transfer, data should be encrypted and the key transferred by a secure second method of transport.
If shipped as physical media, it should be transported in a manner that preserves an audit trail.
Evidence gathered by the government in violation of the Fourth Amendment is generally subject to what is called?
the "exclusionary rule," meaning that the evidence can be excluded from the criminal trial.
In the 1928 case of Olmstead v. US...
a majority of the Supreme Court held that no warrant was required for wiretaps conducted on telephone company wires outside of the suspect's building.
In the 1967 case of Katz v. US
the majority stated: "what a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection. But what he seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected."
The court found that a warrant was needed for a police bug in a restaurant, placed to hear the calls behind the closed doors of a phone booth.
Katz is best remembered today for the widely cited
"reasonable expectation of privacy" test
In the 2012 case of US v. Jones
the Supreme Court signaled important changes to the "in public" and third party exceptions.
A warrant was needed when the police placed a GPS device on a car and tracked location.
2014 case of Riley v. California
The Supreme Court unanimously held that the contents of a cell phone cannot be searched unless law enforcement officers first obtain a search warrant.
Internet searches can reveal a person's interests, and location information can pinpoint an individual's movement over time.
Right to Financial Privacy Act was passed after the Supreme Court held that the Fourth Amendment did not apply to?
Electronic Communications Privacy Act was passed after the Supreme Court held that the Fourth Amendment did not apply to?
telephone numbers called
Disclosure under HIPAA to law enforcement is only permitted
pursuant to a court order or grand jury subpoena or through an administrative request if three criteria are met:
crime on premises, emergencies and about victims in a crime even in the absence of patient consent if a multifactor test is met.
1. The information sought is relevant and material to legitimate law enforcement inquiry.
2. The request is specific and limited in scope to the extent reasonably practicable in light of the purpose for which the information is sought.
3. De-identified information could not reasonably be used.
Title III of a 1968 anti-crime law applies to (Title III requirements)
Wire communications, which include a phone call or other aural communications made through a network, and "oral communications" such as hidden bugs or microphones.
ECPA extended the ban on interception to
"electronic communications" which are essentially emails, that are not wire or oral communications.
Under federal law, interception is....
1. Permitted if a person is the party to the call or if one of the parties has given consent.
2. Done in the ordinary course of business. Exception applies where the device used for the interception is "furnished to the subscriber or user by a provider of wire or electronic communication service in the ordinary course of business."
Normal course of business here would apply to routine monitoring in a call center or scanning of a company's emails for viruses or other malware.
A number of states however have the stricter rule that?
all parties to the call must consent. This all party consent requirement is why customers often hear a message giving notice that a call is being recorded for quality assurance or other purposes.
Delaware law in regards to stored communications
prohibits employers from "monitoring or otherwise intercepting any telephone conversation or transmission, electronic mail or transmission, or internet access or usage" without prior written notice and daily electronic notice.
Connecticut law in regards to stored communications
Requires that "each employer who engages in any type of electronic monitoring shall give prior written notice to all employees who may be affected, informing them of the types of monitoring which may occur. Each employer shall post, in a conspicuous place which is readily available for viewing by its employees, a notice concerning the types of electronic monitoring which the employer may engage in."
Stored Communications Act (SCA)
- The person or entity providing a wire or electronic communications service (often the company)
- Conduct authorized "by a user of that service with respect to a communication of or intended for that user"
The USA PATRIOT Act
expanded the definitions beyond telephone numbers to include "dialing, routing, addressing or signaling information"
The USA Freedom Act
set new rules for national security investigations, prohibiting the use of pen register and trap and trace orders for bulk collection and restricting their use to circumstances where there were specific selectors such as an email address or telephone number.
Who implemented the CALEA?
The U.S. Communications Assistance to Law Enforcement Act of 1994 (CALEA) also known as?
Digital Telephony Bill
The U.S. Communications Assistance to Law Enforcement Act of 1994 (CALEA)
lays out the duties of defined actors in the telecommunications industry to cooperate in the interception of communications for law enforcement and other needs relating to the security and safety of the public.
It notably requires telecommunications carriers to design their products and services to ensure that they can carry out a lawful order to provide government access to communications.
Cybersecurity Information Sharing Act (CISA)
Permits the federal government to share unclassified technical data with companies about how networks have been attacked and how successful defenses against such attacks have been carried out.
Right to Financial Privacy Act of 1978
Applies to disclosures by a variety of financial institutions, including banks, credit card companies and consumer finance companies. RFPA states that "no government authority may have access to or obtain copies of, or the information contained in the financial records of any customer from a financial institution unless the financial records are reasonably described" and meet at least one condition:
1. The customer authorizes access
2. There is an appropriate administrative subpoena or summons
3. There is a qualified search warrant
4. There is appropriate judicial subpoena
5. There is an appropriate formal written request from an authorized government authority.
Customers must receive notice in advance of the government request for the records and they have the right to challenge disclosure of such records.
Zurcher v. Stanford led to the creation of what law?
Privacy Protection Act (PPA)
The Privacy Protection Act
Provides an extra layer of protection for members of the media and media organizations from government searches or seizures in the course of criminal investigations.
In practice, rather than physically searching a newsroom...
The PPA effectively forces law enforcement to use subpoenas or voluntary cooperation to obtain evidence from those engaged in First Amendment activities.
PPA act applies to?
Government officers or employees at all levels of government. Applies to only criminal investigations, not to civil litigation.
Penalties of a minimum of 1,000, actual damages and attorney's fees
Probable cause to believe that a reporter has committed or is in the process of committing a crime.
To prevent death or serious injury or where there is reason to believe documents will be destroyed or concealed if the materials were requested through a subpoena
"Globalization of criminal evidence"
Evidence for a criminal case held in a different country
Microsoft v. US
SCA did not require the company to provide electronic evidence that was stored outside of the United States, meaning the warrant was not valid for the contents of an email account that Microsoft stored overseas.
Mutual Legal Assistance Treaty (MLAT)
Agreement among countries allowing for mutual assistance in legal proceedings and access to documents and witnesses and other legal and judicial resources in the respective countries, in private and public sectors, for use in official investigations and prosecutions.
The attacks on 9/11 led to important changes to FISA as part of the?
USA Patriot Act
Foreign Intelligence Surveillance Act
During the Cold War when a major target of national security efforts was to track the activities of agents of the Soviet Union and its allied foreign nation states, this statute was passed. The Foreign Intelligence Surveillance Act (or FISA) established standards and procedures for use of electronic surveillance to collect "foreign intelligence" within the U.S. by the president and attorney general.
The USA Patriot Act
provided more flexibility with foreign intelligence wiretaps and used more often with more flexible limits
FISA Amendment Act of 2008
Provided legal authorization to new surveillance practices, required more reporting to Congress and granted immunity to telephone companies for records provided to the government in the wake of 9/11.
The Privacy and Civil Liberties Oversight Board (PCLOB)
independent agency in the executive branch, released detailed reports on the section 215 and 702 surveillance programs, making numerous recommendations. (22 recommendations)
The Snowden revelations led to significant reforms in US surveillance law and practices, including passage of?
The USA FREEDOM Act of 2015
Judicial Redress Act 2016
Extends US privacy act protections to certain non-US persons
encryption blinds the ability of officials to see evidence
Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act (USA FREEDOM Act)
set new rules for national security investigations. Because U.S. privacy laws have varying scope and differing definitions for national security exceptions, privacy and IT professionals and attorneys who provide access to records must do research to determine what national security disclosures are permitted, for what sorts of records, and to which agencies.
Specifically, provisions of this act reformed U.S. intelligence and surveillance laws and increased the transparency of the FISA Court.
Entities that received such an order under FISA could not disclose before, during or after that they were targets of an investigation
The USA Freedom Act
created a group of independent experts in the area of privacy and civil liberties, called amicus curiae, to brief the FISC on novel or significant matters of law.
Section 215 of the USA PATRIOT Act
received a great deal of public attention after documents released by Edward Snowden stated that the NSA had created a database containing a substantial fraction of call detail information for domestic US telephone calls.
provided that a Federal court order can require production of "any tangible thing" for defined foreign intelligence and antiterrorism investigations. A tangible thing included books, records, papers, documents and other items. It further stated that entities of orders were forbidden to disclose that an order had been received except to necessary personnel or an attorney.
The USA Freedom Act ended what under section 215?
bulk collection. Going forward requests by government officials must be based upon specific selectors, such as a telephone number.
permitted to release statistics about the number of such requests they receive in a given time period and the government is required to report its numbers once a year
Provision in the FISA Amendments Act of 2008
applies to electronic communications between two non-U.S. persons. The content is often stored within the United States due to the growing use of U.S.-based providers for webmail, social networks and other services.
It goes on to state that when targeting the communication of any person, the government must have foreign intelligence purpose to conduct the collection of information as well as a reasonable belief that the person is a non-U.S. citizen located outside of the United States.
Section 702 also provides for the full contents of the communication, not just information, such as to and from.
targets internet-based communications as they pass through physical internet infrastructure located within the United States. Designed to only acquire internet communications that contain a tasked selector.
can be issued without any judicial involvement
As of 2015, the FBI now preemptively terminates the?
NSL secrecy for an individual order when the investigation closes, or no more than three years after the opening of a full investigation
2006 amendments on NSL
Recipients are bound to confidentiality only if there is a finding by the requesting agency of interference with a criminal or counter-terrorism investigation or for other listed purposes.