Picture of author.
12 Works 480 Members 6 Reviews

About the Author

Daniel J. Solove is John Marshall Harlan Research Professor of Law, George Washington University Law School.
Image credit: George Washington University (faculty page)

Works by Daniel J. Solove

Tagged

Common Knowledge

Members

Reviews

This book was surprisingly relevant for a book published in 2007 -- perhaps more fresh now than it would have seemed a couple years ago, given the conversations that are being had around harassment and bullying. That said, I would have given it another star if it weren't for the fact that all of the examples are quite dated (note that the author does have newer books). That said, many of the concerns read as fresh. The lasting nature of information on the internet and the way that it can spread so quickly can wreak havoc on the reputation and well being of individuals. But the internet has at its core principles of free speech. Solove argues that while free speech is absolutely fundamental to individual liberty and autonomy and to a well functioning society, we have to balance that freedom against protections of privacy, confidentiality, and reputation. Those values protect much of the same liberty and autonomy that freedom of speech serves to protect.

The key question is how. How do we balance these two values that often serve the same end but can also conflict? Solove has some ideas, but for the most part what this book does is explore the questions rather than prescribe the answers. One thing that Solove does make clear, however, is that he believes that privacy and reputation can be protected. At first blush, it may seem impossible to keep secrets in a digitally connected world, but that can change as norms change and as laws support those norms. At the very least, we should change from an "anything goes" attitude to at least acknowledging that doing something online doesn't give someone a free pass.

Below I've included altogether too many quotes that I found interesting. Emphasis mine.

pg 31,: Our reputation can be a key dimension of our self, something that affects the very core of our identity. Beyond its internal influence on our self-conception, our reputation affects our ability to engage in basic activities in society. We depend upon others to engage in transactions with us, to employ us, to befriend us, and to listen to us. Without the cooperation of others in society, we are often unable to do what we want to do. Without the respect of others, our actions and accomplishments can lose their purpose and meaning. Without the appropriate reputation, our speech, though free, may fall on deaf ears. Our freedom, in short, depends in part upon how others in society judge us.

pg 33: There's a paradox at the heart of reputation -- despite the fact we talk about reputation as earned and the product of our behavior and character, it is something given to us by others in the community. Reputation is a core component of our identity -- it reflects who we are and shapes how we interact with others -- yet it is not solely our own creation. As one person in the nineteenth century put it: "A man's character is what is is; a man's reputation is what other people may imagine him to be."

pg 35: They key question is how much control we ought to have over the spread of information about us. We don't want to provide too much control, as this will allow people to trick us into trusting them when they don't deserve it. Too much control will also stifle free speech, as it will prevent others from speaking about us. Hence the conflict: we want information to flow openly, for this is essential to a free society, yet we also want to have some control over the information that circulates about us, for this is essential to our freedom as well.

pg 37: In the past, rumors and falsehoods would readily spread around the small village, but the Internet lacks the village's corrective of familiarity. In the small village, people had a long history together and knew the whole story about an individual. But now someone reading an online report about some faraway stranger rarely knows the whole story -- the reader has only fragments of information, and when little is invested in a personal relationship, even information that is incomplete and of dubious veracity might be enough to precipitate ridicule, shunning, and reproach.

pg 67-68: The law professor Jeffrey Rosen astutely points out that people have short attention spans and will probably not judge other people fairly: "When intimate personal information circulates among a small group of people who know us well, its significance can be weighed against other aspects of our personality and character. By contrast, when intimate information is removed from its original context and revealed to strangers, we are vulnerable to being misjudged on the basis of our most embarrassing, and therefore most memorable, tastes and preferences."

pg 69: Neither the public nor private self represents the "true" self. We're too complex for that. Our public and private sides are just dimensions in a complex, multifaceted personality, one that is shaped by the roles we play. We express different aspects of our personalities in different relationships and contexts. The psychiatry professor Arnold Ludwig debunks the myth that the self displayed in private is more genuine than the self exhibited in public: "Each self is as real to the person experiencing it and as much the product of natural forces as the other. All that the distinction between a true and false self signifies is a value judgment." As a result, uncovering secrets will not necessarily reveal who people "truly" are or enable more accurate assessments of their character. Instead, these disclosures can often be jarring, for they display people out of the context in which others may know them.

Revealing private facts when first getting to know a person can be even more distorting. According to Goffman, people need time to establish relationships before revealing secrets. Immediate honesty can be costly. When we first meet somebody, we have little invested in that person. We haven't built any bonds of friendship or developed any feelings for that person. So if we learn about a piece of that person's private life that seems bizarre or unpleasant, it's easy to just walk away. But we don't just walk away from people we know well. With time to gain familiarity with a person, we're better able to process information, see the whole person, and weigh secrets in context.

pg 69-70: Nagel's observation suggests a key point -- society recognizes and accepts the fact that the public self is a partly fictional concept. The public self is constructed according to social norms about what is appropriate to expose in public. People may even feel uncomfortable when other people reveal "too much information" about themselves. In short, society expects the public self to be more buttoned-up than the private self.

pg 71: Privacy gives people space to be free from the scrutiny of society. The sociologist Alan Westin observes that privacy protects "minor non-compliance with social norms." Many norms are routinely broken, and privacy often means that we allow people to violate social norms without getting caught or punished for it, without having their peccadillos ascribed to their reputations. The sociologist Amitai Etzioni views privacy as a "realm" where people "can legitimately act without disclosure and accountability to others."

pg 73: Protection against disclosure permits room to change, to define oneself and one's future without becoming a "prisoner of [one's] recorded past." Society has a tendency to tie people too tightly to the past and to typecast people in particular roles. The human personality is dynamic, yet accepting the complete implications of this fact can be difficult.

pg 74: The Internet is transforming the nature and effects of gossip. It is making gossip more permanent and widespread, but less discriminating in the appropriateness of audience. ... Audience matters. .... Another consideration is the purpose of the disclosure. Disclosures made for spite, or to shame others, or simply to entertain, should not be treated the same as disclosures made to educate or inform. When we determine whether gossip is good or not, we must look at the who, what, and why of it. We should ask: Who is making the disclosure? Is the disclosure made to the appropriate audience? Is the purpose behind the disclosure one we should encourage or discourage? The problem with Internet gossip is that it can so readily be untethered from its context.

pg 84: To understand shaming, it is essential to understand norms. Every society has an elaborate lattice of norms. A norm is a rule of conduct, one less official than a law, but sometimes as improper to transgress If you break a law, you can be punished by the government or be sued by another person. Norms generally are not enforced in this manner. Nor are they written down in a book of legal code. Nonetheless, norms are widely known and widely observed rules of social conduct.

pg 94: One of the chief drawbacks of Internet shaming is the permanence of its effects. Internet shaming creates an indelible blemish on a person's identity. Being shamed in cyberspace is akin to being marked for life.

pg 94-95: For the philosopher Martha Nussbaum, shame is more than simply an expression of displeasure at particular acts; rather, it is an enduring reduction in social status to a lesser kind of person: "Shame punishments, historically, are ways of marking a person, often for life, with a degraded identity.... Guilt punishments make the statement, 'You committed a bad act.' Shame punishments make the statement, 'You are a defective type of person.'"

pg 98-99: Although Internet shaming can help enforce norms, norms can often take care of themselves without the help of external enforcement. The law professor Robert Cooter observes that norms often work through a process called "internalization" -- people follow norms not because they fear external shaming by others but because they would feel ashamed of themselves if they violated a norm. ... Of course, for some norms, we may desire the added benefit of external norm enforcement, but for many norms internal self-enforcement works quite nicely on its own. As the law professor Lawrence Mitchell puts it, people "not only want to avoid blame, but blameworthiness." Even if we're never caught, we can never escape from ourselves, and our internal judges are often our most stringent.

pg 102: The shamer's explanation for attacking another person, somebody he probably didn't even know, stems from a belief that shame is necessary to ensure social order. Without the threat of shame, people would transgress norms, making society less orderly and civil. But as some of these incidents demonstrate, although shaming is done to further social order, it paradoxically can have the opposite result. Instead of enhancing social control and order, Internet shaming often careens out of control. It targets people without careful consideration of all the facts and punishes them for their supposed infractions without proportionality. Shaming becomes uncivil, moblike, and potentially subversive of the very social order that it tries to protect.

pg 105: New technologies rarely give rise to questions we have never addressed before. More often they make the old questions more complex.

pg 123: At its best, the law can achieve control without having to be invoked. This might sound paradoxical, but it is a rather obvious point. The best laws for addressing harms are ones that not only help fix the damage but also keep the harms from occurring in the first place. The most effective law rarely needs to be used, as the legal process is expensive and time-consuming. The law works best when it helps people resolve disputes outside the courtroom.

pg 126: In other words, the First Amendment protects false speech not for its own sake but as a means of protecting true speech.

pg 130: One of the most frequently articulated rationales for why we protect free speech is that it promotes individual autonomy. We want people to have the freedom to express themselves in all their uniqueness, eccentricity, and candor. ... But the autonomy justification cuts both ways. As the law professor Sean Scott observes, "The right to privacy and the First Amendment both serve the same interest in individual autonomy." The disclosure of personal information can severely inhibit a person's autonomy and self-development. ... Privacy allows people to be free from worrying about what everybody else will think, and this is liberating and important for free choice. ... Protecting privacy can promote people's autonomy as much as free speech can.

pg 140: Anonymity allows people to be more experimental and eccentric without risking damage to their reputations. Anonymity can be essential to the presentation of ideas, for it can strip away reader biases and prejudices and add mystique to a text. People might desire to be anonymous because they fear social ostracism or being fire from their jobs. Without anonymity, some people might not be willing to express controversial ideas. Anonymity thus can be critical to preserving people's right to speak freely.

pg 140: When anonymous, people are often much nastier and more uncivil in their speech. It is easier to say harmful things about others when we don't have to take responsibility. When we talk about others, we affect non only their reputation but ours as well. If a person gossips about inappropriate things, betrays confidences, spreads false rumors and lies, then her own reputation is likely to suffer.

pg 141: When people can avoid being identified, they can slip away from their bad reputations. ... If entry and exit are too easy, commitment, trustworthiness, and reciprocity will not develop. In other words, anonymity inhibits the process by which reputations are formed, which can have both good and bad consequences. Not having accountability for our speech can be liberating and allow us to speak more candidly; but it can also allow us to harm other people without being accountable for it.

pg 159-160: Words can wound. They can destroy a person's reputation, and in the process distort that person's very identity. Nevertheless, we staunchly protect expression even when it can cause great damage because free speech is essential to our autonomy and to a democratic society. But protecting privacy and reputation is also necessary for autonomy and democracy. There is no easy solution to how to balance free speech with privacy and reputation. This balance isn't like the typical balance of civil liberties against the need for order and social control. Instead, it is a balance with liberty on both sides of the scale -- freedom to speak and express oneself pitted against freedom to ensure that our reputations aren't destroyed and our privacy isn't invaded.

pg 163: There is a difference between what is captured in the fading memories of only a few people and what is broadcast to a worldwide audience. The law, however, generally holds that once something is exposed to the public, it can no longer be private. Traditionally privacy is viewed in a binary way, dividing the world into two distinct realms, the public and the private. If a person is in a public place, she cannot expect privacy. If information is exposed to the public in any way, it isn't private.

pg 164-165: Today, privacy goes far beyond whether something is exposed to others. What matters most is the nature of the exposure and what is done with the information. There is a difference between casual observation and the more indelible recording of information and images.

pg 165: We often engage in our daily activities in public expecting to be just a face in the crowd, another ant in the colony. We run into hundreds of strangers every day and don't expect them to know who we are or to care about what we do. We don't expect the clerk at the store to take an interest in what we buy. In other words, we're relatively anonymous in a large part of our lives in public. Identification dramatically alters the equation.

pg 165: We realize that there are different social norms for different situations, and broadcasting matters beyond their original context takes away our ability to judge the situation appropriately

pg 166: Thus merely assessing whether information is exposed in public or to others can no longer be adequate to determining whether we should protect it as private. Unless we rethink the binary notion of privacy, new technologies will increasingly invade the enclaves of privacy we enjoy in public. Privacy is a complicated set of norms, expectations, and desires that goes far beyond the simplistic notion that if you're in public, you have no privacy.

pg 170: Privacy can be violated not just by revealing previously concealed secrets, but by increasing the accessibility to information already available. The desire for privacy is thus much more granular than the current binary model recognizes. Privacy involves degrees, not absolutes. It involves establishing control over personal information, not merely keeping it completely secret. As the computer security expert Bruce Scheier argues: "People are willing to share all sorts of information as long as they are in control. ..."

pg 173: Confidentiality differs substantially from secrecy. Secrecy involves hiding information, concealing it from others. Secrecy entails expectations that the skeletons in one's closet will remain shut away in darkness. In contrast, confidentiality involves sharing one's secrets with select others. Confidentiality is an expectation within a relationship. When we tell others intimate information, we expect them to keep it confidential. Sharing personal data with others makes us vulnerable. We must trust others not to betray us by leaking our information.

pg 179: Social network theory often focuses primarily on connections, but networks involve more than nodes and links. There are norms about information sharing that are held within certain groups, such as norms of confidentiality.

pg 184-185: A problem with the binary view of privacy is that it is an all-or-nothing proposition. We often don't want absolute secrecy. Instead, we want to control how our information is used, to whom it is revealed, and how it is spread. We want to limit the flow of information, not stop it completely. Moreover, different people have different entitlements to know information about others. ...

But is control over information really feasible? If we expose information to others, isn't it too difficult for the law to allow us still to control it? Perhaps the law is reticent in granting control because of the practical difficulties. Information spreads rapidly, sometimes like a virus, and it is not easily contained. But in other contexts, the law has developed a robust system of controlling information. For example, copyright law recognizes strong rights of control even though information is public.

pg 193: There is, of course, a limit to how much the law can do. The law is an instrument capable of subtle notes, but it is not quite a violin. Part of the solution depends upon how social norms develop with regard to privacy. The law's function is to lurk in the background, to ensure that people know that they must respect confidentiality or the privacy even of people in public. In the foreground, however, norms will largely determine how privacy shall be protected in the brave new online world.

pg 194: The law is a puny instrument compared to norms. As the law professor Tracey Meares observes, "Social norms are better and more effective constraints on behavior than law could ever be." Although the law can't supplant norms, it can sometimes help to shape them.
… (more)
 
Flagged
eri_kars | 2 other reviews | Jul 10, 2022 |
Would have been better as a long article,too much redundancy and restating of his position. Still,a valuable book and worth reading for his taxonomy of privacy framework if you are interested in the topic or find yourself needing a better vocabulary with which to talk about the nuances of privacy.
 
Flagged
simonking | 1 other review | Mar 3, 2022 |
The Book is meant to be a gentle introduction to Privacy Law. I recommend this to people interested in Law, Computer Science, Businesses. Almost all business are collecting information.

The meat of the book is applying Federal Constitutional Law specifically First, Third, Fourth and Fifth I have described in details in the following paragraphs. The following is how the book is organized:

1) Overview of Privacy Law
2) Privacy Law in Media
3) Law of domestic law enforcement
4) National Security Law
5) HIPAA
6) Government Records
7) Financial Data
8) Consumer Data
9) Data Security
10) Education Privacy
11) Employment Privacy
12) International Privacy Law

Let me add some key definitions for non-legal person so that they can understand and add their vocabulary:

Tort: Tort is infringement upon a right leading to a liability
False Light: False Light is similar to defamation (act of ruining someone’s name)
Statute: A law established by legal body

Example: (Late) Jayalalitha was the Chief Minister of Tamil Nadu. She was in this position for approximately 20 years. She frequently used defamation law in Tamil Nadu. This was to bring people to court. It was a way to portray public power, protect her honor and image. In this way, she was in power. In False light, the plaintiff (person who brings someone to court) proves that the defendant (accused) published false information.

The First Chapter of the book goes into types of Privacy Law:

The types of privacy law in this chapter is organized into Federal Constitutional Law, State Constitutional Law and International Law.

Torts: Tort law is usually state law. Most torts involve an invasion of Privacy case. Invasion of privacy is broad term.

The book narrows down into public disclosure of private facts, intrusion upon seclusion, false light, appropriation of name.

Torts commonly involved in privacy cases:

a) Breach of Confidentiality
b) Intentional infliction of Emotional Distress
c) Defamation (Libel and Slander)
d) Negligence
e) Criminal Law — Peeping Tom activity

Federal Constitutional Law:

In Federal Constitutional Law, laws that are guaranteed within United States as a country.
Following are the ways, U.S Constitution protects privacy of its citizens:

1) First Amendment, the right to speak anonymously
First Amendment gives the right to freedom of association. This protects privacy of one’s associations
2) Third Amendment’s protection of home from quartering of troops (I believe this is from the famous example of English troops gathering inside American houses)
3) Fourth Amendment protection against unreasonable searches and seizures.
4)Fifth Amendment privilege against self-incrimination
Constitutional right to privacy
Constitutional right to information privacy

State Constitutional Law:

This means, laws that are guaranteed within a state in United States.
Eg: California Const 1: “All people are by their nature free and independent, have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possession, and protecting property and pursuing and obtaining safety, happiness and privacy”

Federal Statutory Law: This is law written by law makers in legislative body. It’s up to judiciary (courts) to interpret them. The Book gives about 20-30 examples like Family Education Rights and Privacy Act of 1947, protects the privacy of school records.

State Statutory Law:

Much of privacy law is found in state law. Privacy tort law and data breach are state law. Areas of State Legislation on Privacy are
Law Enforcement (Wiretapping, electronic surveillance)
Medical and Genetic information (Medical records)
Government Records
Financial Privacy
Consumer Data and Business Records (Spam, Spyware, Telecommunications privacy, pretexting, use of SSN, data disposal, video privacy, RFID tracking devises, unauthorized access to computers and networks, restrictions on ISPs
Data Security (identity theft and data security breach notification)
Employment (State employee personal information, applications)

International Law:

Two approaches:
1) Omnibus is comprehensive approach for public and private sector
2) Sectoral: Each industry would have case by case statues

First Omnibus was designed by Europeans. Most countries adopted European omnibus approach.

Chief Privacy Officer: CPO is mainstay at many large organizations. CPO’s functions are as follows, employees are trained about privacy, the company is complying with the law. Lastly in this chapter, there’s a broad history of privacy law.

Chapter two talks about privacy and media:

States recognize privacy torts. They have application in variety of contexts. The Chapter gives examples of state laws and specific cases.

Chapter three is about Privacy and Law Enforcement:

This Chapter is based on the fourth amendment. The fourth amendment gives protection against unreasonable searches and seizers. This law is complex and not straightforward. In some cases, federal or state government can access people’s records.

Fourth amendment regulates domestic criminal investigations and national security investigations. Foreign intelligence gathering remains open. In short form, FISA is the main statute. Within fourth amendment, there’s three categories:

a) Criminal investigations,
b) Domestic national security investigation
c) Foreign intelligence gathering.

The chapter gives details about leading cases that involves fourth amendment. Some of the Intelligence agencies involved are FBI, CIA, NSA.


Chapter five is about health privacy:

In this chapter, HIPAA is most comprehensive and strictest privacy regulation.
Physicians and psychotherapists need to walk a fine line when dealing with confidentiality of patient. They could poses danger to others. Physicians cannot reveal confidential communication or information without consent of the patient, unless required by law.

They enjoy Physician-Patient Privilege, Psychotherapist-Patient Privilege. When the physician reveals patient’s confidential information, patient can bring a tort action as a beach of confidentiality.

Many states have specific statutes providing criminal and civil protections against disclosure of medical information. HIPPA doesn’t place restriction on de-identify data. De identified data means, a data which is not personally identifiable. This chapter gives many instances of cases where Government has fined private companies due to HIPPA violation. Also, the fourth amendment protects individual genetic data from Government officials seeking to obtain it.

Chapter 6 is about Government records:

Federal Agency have constitutional duties to make information available to public and to protect privacy of people’s data. Fair Information Practices was issued by US Department of Health, Education and Welfare.

FIPs is embodied throughout U.S privacy statutes. Under Common law, U.S Supreme Court concluded that public could access court records. What to release as public or say, privacy of court record is within the discretion of train court judges.

Privacy Act of 1974 applies to federal agencies. It does not apply to business, private sector organizations, courts, state or local government. It protects citizens and lawfully admitted aliens.

Chapter 7 is about Financial Data:

Fair Credit Reporting Act of 1970 regulates consumer reporting industry and provides privacy right in consumer reports.

An employer seeks a consumer report for employment purposes, he or she must disclose in writing to authorize that the report can be obtained.

This is in the context that this information would not violate equal employment opportunity. FCRA enforcement has played in United States vs Spokeo, a data broker which sold marketing consumer profiles to employers without complying with FCRA.

HireRight, an employment background screening company was subjected to FCRA because its reports are consumer reports. Right to Financial Privacy Act of 1978 protects customer records at financial institutions from federal government access.

Bank Secrecy Act of 1970 requires financial institutions to asset federal government agency to prevent money laundering and terrorist financing by detecting and reporting potentially suspicious activity.

Chapter 8 is about Consumer Data:

Federal laws regulate business data and consumer privacy offering different kinds of protections. The ways to safeguard are opt out rules vs opt in rules.

FTC plays an essential role in policing privacy practices of companies. Personally Identifiable Information is one of the most central concepts in privacy regulation. PII is any uniqueness in the data that can be used to identify a person.It defines scope and boundaries of privacy statues and regulations.

Basic assumption about consumer data is that in absence of PII, there is no privacy harm. Thus privacy regulation focuses on collection, use and disclosure of PII and leaves non-PII unregulated.

There are three ways to approach PII:

a) Tautological Approach - defines PII as any information that identifies a person
b) Nonpublic approach - defines PII as any non public information or non aggregate data eg: Gramm-Leach-Bliley Act, Cable Act
c) Specific-types approach: defines PII by listing specific types of data that constitute PII Examples: Children's Online Privacy Protection Act regulates collection and use of children’s information by internet websites by requiring parental consent.

Some of the leading cases that involve consumer privacy includes companies like Google, Apple, Facebook. In Fradley v Facebook, the case was concerned about facebook feature called sponsored stories.

Plaintiff alleged a coherent theory of how they were economically injuring misappropriation of their names, photographs and likeness for use in paid commercial endorsement. This was targeted not at themselves but at other consumers. The Judge requested more information. In August 2013, court approved $20 million settlement with Facebook.

Contract and Promissory estoppel:

Privacy policies that make promises about privacy. Consumers rely upon these privacy policies. This comes under contract and promissory estoppel.

Let me try to explain Promissory estoppel. It means, In the law of contracts, the doctrine that provides that if a party changes his or her position substantially either by acting or forbearing from acting.

To establish, Beach of contract, plaintiff must prove, existence of contract, breach of contract, damages that flow from the breach.

Are Privacy Policies Contracts?

Few courts have addressed this question. They agreed that privacy policies are not contracts. Google agreed to pay $22.5 million fine to FTC based on the charge that it violated its promises placed on tracking cookie on computers of safari users.

Telecommunication act requires telecommunication carrier to protect confidentiality of proprietary information and data relating to customers.
Telephone consumer protection Act of 1991 permits people to stop unwanted telemarketing calls.

Computer Fraud and Abuse act prevents unauthorized access to computers. There are cases where people have been fined due to unauthorized access to someone else’s computer.

LVRC Holdings vs Brekka is an example case. Brekka was an employee. He emailed files to himself from workplace computer before he was to leave the office. He did not access the computer without authorization since he originally had permission to use the computer. Majority of courts summarized that he had authorized rights until his employer revoked his employment. Many states have mini FTC that enforces unfair and deceptive and practices act.

States have laws restricting use of RFID devices.In California, Eraser or Right to be Forgotten laws are included in privacy rights for California minors in digital world act.

In Illinois, Illinois Biometric Information Privacy Act requires companies to obtain individual consent before collecting or disclosing biometric identifiers.

California online privacy protection act enforces that operators must post noticeable privacy policy on their websites that describes PII being collected, how it will be shared with third parties.

This is in the context of marketing departments for companies. Several states have anti spyware laws. Another California law prohibits unauthorized user from willfully loading software into the computer of California resident and using the software to carry out number of forbidden activities. Iowa, Texas, Washington have similar privacy laws.


Chapter 9 talks about Data Security:

This chapter talks about Data Security. In United States, all states have enacted data breach notification statues. These laws contain important differences that make multistage notifications complex undertakings. FTC brought about 60 enforcement actions concerning poor security practices.

Data Breach notification statues:
A Statue is written law passed by legislative body. California’s Data Security Breach Notification Statue: California enacted the first data security breach statue after data security breach at ChoicePoint.

Since then, various states have enacted data security breach statues.
They are based on the following elements:
-Trigger for notice
-Exceptions to Notification
-Parties to Whom Disclosure is Required
-Enforcement

A Number of Companies have been charged by FTC under Section 5 due to the fact that these companies failed to adequately protect security of personal information.

AT&T settled largest amount of money in history of data breach. They settled $25 million with FTC for call center data breach in Mexico Office and Philippines. The breach was the result of employee unauthorized use of customers information, jeopardizing the confidentiality of almost 280,000 customers.

In addition to the money penalty, FCC ordered AT&T to appoint compliance officer, develop and implement a compliance plan that included risk assessment, review and training, and provide notice to affected customers.

What constitutes privacy harm? Any breach that attempted to use customers personal information to identify them.

Data Retention and Disposal:
In the United States, numerous states have enacted laws that require business to destroy personal information in a safe and effective fashion once it will no longer retain it.

Chapter 10 is about Education Privacy:

Student education record is protected by Family Education Rights and Privacy Act (FERPA). It is a federal statue. In Previous chapter, we saw that statue is written law passed by legislative body.

Students have fourth amendment right against seizures, unreasonable search. Schools must inform students about FERPA. FERPA’s rights are tied to guardian/parents for Students who are under eighteen.

Chapter 11 and 12 is about Employment and International Privacy. I do not have space to write them down. I hope you enjoy the book!
… (more)
 
Flagged
gottfried_leibniz | Oct 4, 2019 |
An excellent historical perspective to privacy. The only drawback is the main focus on the US laws and the EU or Asian privacy rights is put aside. If you are interested in privacy, this is a must to have.
½
 
Flagged
adulau | 1 other review | Oct 8, 2010 |

You May Also Like

Statistics

Works
12
Members
480
Popularity
#51,408
Rating
½ 3.7
Reviews
6
ISBNs
45

Charts & Graphs