Over a century ago, Justices Louis Brandeis and Samuel Warren introduced the concept of a right to privacy in a famous law review article. Brandeis is often quoted, characterizing the right to privacy as “the right to be left alone -- the most comprehensive of rights, and the right most valued by a free people.”
Information privacy issues arise anywhere personal information is collected and stored. Information privacy concerns an individual’s right to control his or her personal information held by others. Forms of personal information include those involving lifestyle, finances, health, politics, and information revealed on the Internet.
Internet privacy issues exist when personal information is captured from a website visitor, compiled by website operators, and transmitted to others. Personal information is also collected by spyware, software that is covertly installed on a user’s computer. The question of data security also encompasses the monitoring of email and website usage by email service providers, employers, government, and law enforcement.
After the September 11th terrorist attacks, the passage of the “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001” (“USA Patriot Act”) intensified the privacy debate. The Patriot Act expands the authority of law enforcement agencies to monitor Internet activities, telephone communications, and medical and financial records.
Information privacy in the U.S. is not uniformly regulated under a single comprehensive body of law. Rather, its regulations are a rapidly evolving “patchwork” of laws that address the protection of privacy issue by issue. The Federal Trade Commission Act (the “FTC Act”) may be the most inclusive protection of privacy rights. It addresses privacy issues under its general prohibition against “unfair or deceptive trade practices.” Many actions against spyware companies have been enforced under the “unfair practices” provision.
The Children’s Online Privacy Protection Act (COPPA) mandates that commercial websites that direct online services to children under 13, or that knowingly collect information from them, inform parents of their information practices and obtain verifiable parental consent before collecting, using, or disclosing personal information from children.
The Health Insurance Portability and Accountability Act (HIPAA) protects how an individual’s health information is used by organizations and disclosed to others. All health care providers, insurance companies, employer-sponsored health plans, and HMOs are covered entities, which must comply with the guidelines of this privacy rule. With respect to information privacy, HIPAA’s covered entities are one of the most extensively regulated niches.
The FTC Act, COPPA, and HIPAA are only a few of the many statutes that aim to protect information privacy. There is a flood of new laws designed to address the complexity of information privacy.
U.S. companies should be particularly cautious with e-commerce, because the European Union (EU) has far stricter privacy regulations, which can affect U.S. companies. The EU Data Privacy Directive prohibits EU organizations from transferring personal data to countries where privacy protection is not deemed adequate. To prevent the interruption of data transfers from the EU to the U.S., the EU approved a “safe harbor.” The safe harbor permits U.S. companies that voluntarily abide by the safe harbor principles to continue data transfers with the EU member states. U.S. companies within the safe harbor are presumed to provide adequate privacy protection.
If you are interested in additional information on the topic of information privacy, or if you have any questions, please contact a K&K attorney. K&K offers an array of services in the areas of intellectual property including patents, trademarks, copyrights, trade secrets as well as intellectual property litigation and enforcement. Further information on these and other services is available at www.kk-llp.com.