Transcription of A Legal Guide to Privacy and Data Security 2016
1 A Legal Guide To Privacy AND data Security 2016 ISBN 1-888404-71-XPrinted on Recycled Paper With a Minimum of 10% Postconsumer WasteA Legal Guide To Privacy AND data Security is available without charge from the Minnesota Department of Employment and Economic Development, Small Business Assistance Of ce, 1st National Bank Building, 332 Minnesota Street, Suite E-200, St. Paul, MN 55101-1351. Telephone: (651) 556-8425 or (800) 310-8323 Fax: (651) 296-5287 | Email: Website: sbao/This Guide is also available from Gray Plant Mooty, 500 IDS Center, 80 South Eighth Street, Minneapolis, MN 55402 Telephone: (612) 632-3000 Upon request, this publication can be made available in alternative formats by contacting (651) 259-7476.
2 The Minnesota Department of Employment and Economic Development is an equal opportunity employer and service provider. A Legal Guide ToPRIVACY ANDDATA SECURITYM arch 2016 A Collaborative EffortMinnesota Department of Employment and Economic Development Gray Plant MootyCopyright 2016 Minnesota Department of Employment and Economic Development and Gray Plant MootyISBN 1-888404-71-XPrimary Author: Michael R. CohenCIPP/US, CIPP/ETABLE OF CONTENTSDISCLAIMER .. Legal BASIS FOR A RIGHT TO LAWS GOVERNING data Privacy AND Security ..3 Welcome to federal data Privacy law and the world of acronyms.
3 3 The Use and Disclosure of Financial Information ..4 Gramm-Leach-Bliley Act (GLBA) ..4 Fair Credit Reporting Act (FCRA) and Fair Accurate Credit Transactions Act (FACTA) ..10 Use and Disclosure of Medical Information ..15 The Health Insurance Portability and Accountability Act (HIPAA) ..15 Medical Research - The Common Rule ..20 Federal Trade Commission Act (FTC Act) ..20 FTC Online Behavioral Advertising Principles ..30 Children s Online Privacy And Protection Act (COPPA)..31 Controlling The Assault Of Non-Solicited Pornography And Marketing Act (CAN-SPAM).
4 36 The Telephone Consumer Protection Act (TCPA) [47 227]..38i Telemarketing and Consumer Fraud and Abuse Prevention Act [15 6101-6108]..43 Deceptive Mail Prevention and Enforcement Act (DMPEA)..44 Junk Fax Prevention Act (JFPA) ..44 Computer Fraud and Abuse Act (CFAA) [18 1030 (c)] ..45 Electronic Communications Privacy Act (ECPA) [18 2510-3127] ..46 Federal Laws Related To Social Security Numbers ..47 The Drivers Privacy Protection Act (DPPA) [18 2721-2725] ..48 Video Privacy Protection Act (VPPA) [18 2710].
5 49 Other Federal Privacy Laws ..49 The National Institute Of Standards And Technology (NIST) Cybersecurity Framework ..52 Proposed Federal Legislation ..53 Privacy AND THE EMPLOYMENT RELATIONSHIP ..57 Discrimination Laws ..58 Protected Activity Laws ..59 Applicant Screening Laws ..63 Employee Privacy Considerations ..65 Federal Laws Applicable To Electronic Communications and data ..68 The Electronic Communications Privacy Act (ECPA or the Wiretap Act ) ..69 The Stored Communications Act (SCA) [18 2701, et seq.]
6 ] ..69 The Computer Fraud and Abuse Act (CFAA) [18 1030, et seq.] ..70 ii References and Recommendations ..71 Safeguarding Confidential and Proprietary Information ..71 Employer Policies and Practices ..72 STATE data Privacy AND Security LAWS ..75 Minnesota data Privacy and Security Laws ..76 Minn. Stat. Internet Service Providers ..76 Minn. Stat. Identity Theft ..76 Minn. Stat. data Breach Notification ..76 Minn. Stat. data Breach Notification ..76 (Government Agencies).
7 76 Minn. Stat. Minnesota Government data Practices Act ..77 Minn. Stat. Government Websites ..77 Minn. Stat. Plastic Card Security Act ..77 Minn. Stat. Use of Social Security Numbers ..77 Minn. Stat. Wiretap law ..77 Internet Service Providers [Minn. Stat. ] ..77 California ..106 Massachusetts ..109 Other State Privacy and Breach Notification Laws ..110 State Breach Notification Laws ..110 State data Protection and Security Laws.
8 112 GLOBAL Privacy AND data Security LAW ..113 EU 1995 data Directive ..114 Transfer of Personal data Outside Of The European Union ..120 Prior US-EU Safe Harbor ..121 Model Contracts ..124 Binding Corporate Rules ..124iii CANADA ..127 Personal Information Protection and Electronic Documents Act (PIPEDA) ..127 Canada Anti-Spam Law [SC 2010,C23] ..129 BEST PRACTICES ..131 Key Questions Every Business Should Ask Related To data Privacy and Security .
9 131 Establish a Compliance Program ..135 Customized Program ..135 Security Incident and data Breach Plan ..135 Mitigating Risk By Contract .. 139 Insurance ..140 Physical Safeguards/Office Design ..141 Storage And Maintenance Of Electronic data ..142 Document Retention - Storage And Maintenance Of Hard Copies ..142 Technical Safeguards ..143 Encryption, Encryption, Encryption.
10 144 Limit Access ..144 Limit data Collected ..145 Remote Access ..145 Administrative Safeguards ..146 FINAL THOUGHTS - WHAT IS NEXT? ..149 Privacy LAW TIMELINE ..155 SOURCES OF INFORMATION ON data Privacy AND Security ..159 Other government sites and publications that provide Privacy related information..160 Other Useful Websites ..161 Selected Books, Articles and Treatises on Privacy ..162ivDISCLAIMERThis Guide is designed to alert businesses to Legal issues related to Privacy and data Security .
