Ethics in Technology - C961 Final Study Guide questions and answers verified
Information privacy: the combination of communications privacy and data privacy.
Communications privacy: the ability to communicate with others without those communications being monitored by other persons or organizations.
Data privacy: the ability to limit access to one's personal data by other individuals and organizations in order to exercise a substantial degree of control over that data and their use.
Fair Credit Reporting Act 1970: Regulates the operations of credit reporting bureaus, including how information is collected, stored, and used. Enforced by the U.S. Federal Trade Commission to ensure accuracy, fairness, and privacy of information. Provides guidelines for organizations whose systems gather and sell information.
Right to Financial Privacy Act 1978: Protects the records of financial customers from unauthorized scrutiny by the federal government. The customer must receive written notice that a federal agency intends to obtain his or her financial records. The act only governs disclosures to the federal government; it does not cover disclosures to private businesses or state and local governments.
Under the Right to Financial Privacy Act 1978 the Federal government must obtain one of the following:
- An authorization signed by the customer that identifies the records, the reasons the records are requested, and the customer's rights under the act.
- An appropriate administrative or judicial subpoena or summons.
- A qualified search warrant or a formal written request by a government agency, which can be used only if no administrative summons or subpoena authority is available.
Gramm-Leach-Bliley Act aka GLBA - 1999: Also known as the Financial Services Modernization Act of 1999, it was a bank deregulation law that repealed a Depression-era law known as Glass-Steagall. Glass-Steagall prohibited any one institution from offering investment, commercial banking, and insurance services; individual companies were only allowed to offer one of those types of financial service products. GLBA enabled such entities to merge.
Financial Privacy Rule: Part of the GLBA aka Gramm-Leach-Bliley Act. Established mandatory guidelines for the collection and disclosure of financial information by organizations. Companies must provide a privacy notice explaining what data is gathered, with whom it is shared, how it is used, and how it is protected. The notice must also explain the consumer's right to opt out.
Safeguards Rule: Part of the GLBA. This rule requires each financial institution to document a data security plan describing its preparation and plans for the ongoing protection of clients' personal data.
Pretexting Rule: Part of the GLBA. This rule addresses attempts by people to access personal information without proper authority by means such as impersonating an account holder or phishing. GLBA encourages financial institutions to implement safeguards against pretexting.
Fair and Accurate Credit Transactions Act 2003: This act allows consumers to request and obtain a free credit report once each year from each of the three primary consumer credit reporting companies. It helped establish the National Fraud Alert system to prevent identity theft. Under this system, consumers who suspect that they have been or may become a victim of identity theft can place an alert on their credit files. The alert places potential creditors on notice that they must proceed with caution when granting credit.
Health Insurance Portability and Accountability Act - 1996: Designed to improve the portability and continuity of health insurance coverage; to reduce fraud, waste, and abuse in health insurance and healthcare delivery; and to simplify the administration of health insurance. HIPAA requires healthcare organizations to employ standardized electronic transactions, codes, and identifiers to enable them to fully digitize medical records, thus making it possible to exchange medical data over the internet. Under HIPAA provisions healthcare providers must obtain written consent from patients prior to disclosing any information from their medical records. Thus, patients need to sign a HIPAA disclosure form each time they are treated at a hospital, and such a form must be kept on file with their primary care physician.
The American Recovery and Reinvestment Act - 2009 - Title XIII Subtitle D: Known as the Health Information Technology for Economic and Clinical Health Act, or HITECH, it included strong privacy provisions for electronic health records aka EHRs, including banning the sale of health information, promoting the use of audit trails and encryption, and providing rights of access for patients. It also mandated that each individual whose health information has been exposed be notified within 60 days after the discovery of a data breach.
Family Educational Rights and Privacy Act - FERPA: Federal law that assigns certain rights to parents regarding their children's educational records. These rights transfer to the student once the student reaches the age of 18, or earlier if he or she attends a school beyond the high school level. Educational agencies and institutions may disclose education records to the parents of a dependent student, as defined in Section 152 of the Internal Revenue Code of 1986, without the student's consent.
Children's Online Privacy Protection Act - 1998 aka COPPA: A website that caters to children must offer comprehensive privacy policies, notify parents or guardians about its data collection practices, and receive parental consent before collecting any personal information from children under 13 years of age. COPPA was implemented in 1998 in an attempt to give parents control over the collection, use, and disclosure of their children's personal information; it does not cover the dissemination of information to children.
Legislation that protects people from data privacy abuses by corporations is almost nonexistent.
Title III of the Omnibus Crime Control and Safe Streets Act: regulates the interception of wire (telephone) and oral communications.
Wiretap Act: Another name for Title III of the Omnibus Crime Control and Safe Streets Act.
FISA aka Foreign Intelligence Surveillance Act of: describes procedures for the electronic surveillance and collection of foreign intelligence information between foreign powers and agents of foreign powers.
ECPA aka Electronic Communications Privacy Act: the protection of communications while in transit from sender to receiver; the protection of communications held in electronic storage; and the prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant.
The Communications Assistance for Law Enforcement Act - CALEA: requires the telecommunications industry to build tools into its products that federal investigators can use—after gaining a court order—to eavesdrop on conversations and intercept electronic communications.
The USA PATRIOT Act: modified 15 existing statutes and gave sweeping new powers both to domestic law enforcement and to international intelligence agencies, including increasing the ability of law enforcement agencies to eavesdrop on telephone communication; intercept email messages; and search medical, financial, and other records. The act also eased restrictions on foreign intelligence gathering in the US.
FISA of 2004: authorized intelligence gathering on individuals not affiliated with any known terrorist organization, so-called lone wolves.
The FISA Amendments Act of 2008: granted the NSA expanded authority to collect, without court-approved warrants, international communications as they flow through the U.S. telecommunications equipment and facilities.
The PATRIOT Sunsets Extension Act: granted a four-year extension of provisions of the USA PATRIOT Act that allowed roving wiretaps and searches of business records. It also extended authorization for intelligence gathering on "lone wolves."
The USA Freedom Act: Terminated the bulk collection of telephone metadata by the NSA, instead requiring telecommunications carriers to hold the data and respond to NSA queries for data. The act also restored authorization for roving wiretaps and the tracking of lone wolf terrorists.
Fair information practices: a general set of guidelines to regulate the collection and use of personal data. Various organizations and countries have developed their own set of such guidelines and call them by different names.
The Organisation for Economic Co-operation and Development - OECD - for the Protection of Privacy and Transborder Data Flows of Personal Data: created a set of fair information practices that are often held up as the model for organizations to adopt for the ethical treatment of consumer data.
The European Union aka EU Data Protection Directive: requires member countries to protect data transferred to non-EU countries. Bars the export of data to countries that do not have data privacy protection standards comparable to those of the EU. After the passage of this directive, the EU and the United States worked out an agreement that allowed U.S. companies that were certified to store data of European consumers and companies.
The EU-U.S. Privacy Shield Data Transfer Program Guidelines: a stop-gap measure that allows businesses to transfer personal data about European citizens to the United States. The guidelines were established after the European Court of Justice declared the Safe Harbor agreement invalid between the EU and the United States.
The General Data Protection Regulation aka GDPR: addresses the export of personal data outside the EU, enabling citizens to see and correct their personal data, standardizing data privacy regulations within the EU, and establishing substantial penalties for the violation of its guidelines.
FOIA aka Freedom of Information Act: grants citizens the right to access certain information and records of the federal government upon request.
The Privacy Act: prohibits U.S. government agencies from concealing the existence of any personal data record-keeping system.
Security safeguards are focused on "unauthorized access, modification, or disclosure of personal data"; purpose specification is focused on the explicitly specified purpose of data collection and the absence of the consequent change of the collected data.
Personal data are being collected electronically in many ways that are not apparent to the consumer. Simply visiting a website or using an app may trigger an automatic permission to collect data about you.
Identifying personal information "is protected"; anonymous data about you may be sold to or shared with third parties without explicit consent.
Companies use many different methods to "collect personal data about visitors to their websites, including depositing cookies on visitors' hard drives."
Consumer data privacy has become a major marketing issue; companies that cannot protect or do not respect customer information have lost business and have become defendants in class actions stemming from privacy violations.
A data breach: the unintended release of sensitive data such as credit card numbers, insurance IDs, and SSNs, by unauthorized individuals. The number of data breaches is alarming; a number of states have passed data breach notification laws that require companies to notify affected customers.
A real risk that exists for society today is a data breach in which personally identifying information is stolen. This can cause financial loss and identity theft.
Ethics dictates that significant data breaches of personal information should be "found and quickly dealt with. The victims whose data were taken should be notified, though private companies do not have a federal mandate to do this. It is up to each state to enforce laws pertaining to data breaches unless the company is publicly traded."
E-discovery: "the collection, preparation, review, and production of electronically stored information for use in criminal and civil actions and proceedings."
Written for
- Institution: WGU C961 ETHICS IN TECHNOLOGY
- Course: WGU C961 ETHICS IN TECHNOLOGY
Document information
- Uploaded on: 8 September 2023
- Number of pages: 46
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Unknown