CO’s PCUDIP
Protecting Consumers from Unfair Discrimination Insurance Practice Regulation
- requires life insurers who use AI model to have a governing structure
- requires covered life insurers to submit annual report to CO Division of Insurance that summarizes compliance with regulation’s requirements and list each individual responsible for insuring
FTC vs FCC
FTC:
- regulating and enforcement experience to best ensure net neutrality (mostly telecom)
- regulate ads and consumer protection
- ensure competition market through antitrust law
- issue administrative complaints, relief, develop rules, enforce international laws like Data Privacy Framework
FCC:
- oversight over internet service providers (basically every other market)
- oversees TV and radio communications
- fines, mediation, settlement, formal complaints
Communications Decency Act of 1996
Title V of Telecoms Act
- meant to regulate indecency and obscenity in cyberspace
- no publisher of interactive computer service will be treated as publisher of any information provided by another info content provider
“Good Samaritan” protection from civil liability for websites that remove/restrict “offensive” 3rd party content from their sites
Individual Rights under HIPAA
- corrections
- notifications on how HI is used/shared
- permissions (individuals can choose how used/shared)
- request restrictions on how HI is used/disclosed
- request REPORT on why/when HI is used/disclosed
- file complaints with provider/ health insurer or office of civil rights if they believe the rights are violated
- portability of health coverage, continuous coverage between jobs, coverage of employees with preexisting conditions
Entities the FTC does NOT regulate
banks, insurance companies, non-profits, transportation, communications common carriers, air carriers
CFPB enforcement actions and general responsibilities
- rulemaking, supervision, enforcement, education
enforcement: conduct investigations, issue subpoenas, hold hearings, commence civil actions vs. offenders
- public enforcement actions: state/federal court, institute administrative adjudication proceeding
- can force compensation, consumer redress, injunctive relief
NY Stop Hacks and Improve E-Data Security Act (SHIELD)
- expands types of PI for which companies must provide consumer notice in the event of a breach
- requires that companies develop, implement and maintain reasonable safeguards to protect the security, confidentiality, and integrity of PI
Data Life Cycle Stages
- Collection
- Use
- Disclosure
- Retention
- Destruction
4 steps for info management program
- Discover
- Build
- Communicate
- Evolve
2 Key elements of CLOUD
Clarifying Lawful Overseas Use of Data Act (2018)
Provisions for US access to foreign stored data
- compelled disclosure orders apply “regardless of whether such comms, records, or other info is located within the US”
- provisions to create executive agreements for foreign access to data stored in US
—- new mechanism for other countries to access content of communications held by US service providers
Supreme Court decisions regarding privacy and laws on searches
Olmstead v. US - no warrant for wiretapping
Katz v. US - need a warrant for wiretapping (overturn Olmstead)
US v. Jones - no GPS install on vehicle
Riley v. California - need warrant for phone search
Carpenter v. US - need warrant for phone site records
US Discovery Rule vs Foreign Laws
US
- requires disclosure of all non-privileged info relevant to claims or defenses in cases
Foreign
- place greater emphasis on protection of PD and records privacy as a fundamental right
- EU nations subject to stricter restrictions under GDPR
Hague Convention
On taking of evidence
- protects against cross-border data production
- requesting party must demonstrate why it must be used
Discovery Request
in law enforcement or national security investigations, organizations may face requests or orders to produce information
Exceptions to the ECPA
- party to the call
- ordinary course of business
GLBA
Gramm-Leach-Bailey Act 1999
- requires financial institutions to EXPLAIN info sharing practices to consumers to safeguard sensitive data
address handle of non public PI by requiring financial institutions to:
- respect consumers’ privacy
- establish appropriate administrative, technical, physical safeguards standard
- securely store PFI
- notice of data sharing policies
- give right to opt-out of some sharing of PI
Violations: fines, prison time, can be considered deceptive trade practice
EU-US Data Privacy Framework
2023 - European Commission adopted adequacy decision for the EU-US data privacy framework
- created a new binding safeguard to address concerns about prior mechanisms
- limit access to EU data by US intelligence services to what is “necessary and proportionate”
- establish Data Protection Review Court to which EU individuals have access
What are the regulatory bodies protecting employee privacy?
- department of labor
- equal employment and opportunity commission
- FTC
- consumer financial protection bureau (CFPB)
- national labor relations board
MSCM
mobile service commercial messages
Commercial electronic mail messages transmitted directly to wireless device used by subscriber of commercial mobile service
Civil Rights Act
bars discrimination in employment due to race, color, religion, sex, and national origin
What must an attorney redact from court findings EXCEPT:
- last 4 of SSN
- last 4 of bank account number
- initials (if a minor)
- year of birth
