Chapter 4 Ethical and Social Issues in Information Systems 163
TABLE 4.3 FEDERAL PRIVACY LAWS IN THE UNITED STATES

GENERAL FEDERAL PRIVACY LAWS
- Freedom of Information Act of 1966 as Amended (5 USC 552)
- Privacy Act of 1974 as Amended (5 USC 552a)
- Electronic Communications Privacy Act of 1986
- Computer Matching and Privacy Protection Act of 1988
- Computer Security Act of 1987
- Federal Managers Financial Integrity Act of 1982
- Driver’s Privacy Protection Act of 1994
- E-Government Act of 2002

PRIVACY LAWS AFFECTING PRIVATE INSTITUTIONS
- Fair Credit Reporting Act of 1970
- Family Educational Rights and Privacy Act of 1974
- Right to Financial Privacy Act of 1978
- Privacy Protection Act of 1980
- Cable Communications Policy Act of 1984
- Electronic Communications Privacy Act of 1986
- Video Privacy Protection Act of 1988
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Children’s Online Privacy Protection Act (COPPA) of 1998
- Financial Modernization Act (Gramm-Leach-Bliley Act) of 1999
these laws, regulating the federal government’s collection, use, and disclosure of information. At present, most U.S. federal privacy laws apply only to the federal government and regulate very few areas of the private sector.

Most American and European privacy law is based on a regime called Fair Information Practices (FIP), first set forth in a report written in 1973 by a federal government advisory committee and updated most recently in 2010 to take into account new privacy-invading technology (FTC, 2010; U.S. Department of Health, Education, and Welfare, 1973). FIP is a set of principles governing the collection and use of information about individuals. FIP principles are based on the notion of a mutuality of interest between the record holder and the individual. The individual has an interest in engaging in a transaction, and the record keeper—usually a business or government agency—requires information about the individual to support the transaction. Once information is gathered, the individual maintains an interest in the record, and the record may not be used to support other activities without the individual’s consent.

In 1998, the FTC restated and extended the original FIP to provide guidelines for protecting online privacy. Table 4.4 describes the FTC’s Fair Information Practice principles.
TABLE 4.4 FEDERAL TRADE COMMISSION FAIR INFORMATION PRACTICE PRINCIPLES

1. Notice/awareness (core principle). Web sites must disclose their information practices before collecting data. Includes identification of collector; uses of data; other recipients of data; nature of collection (active/inactive); voluntary or required status; consequences of refusal; and steps taken to protect confidentiality, integrity, and quality of the data.
2. Choice/consent (core principle). There must be a choice regime in place allowing consumers to choose how their information will be used for secondary purposes other than supporting the transaction, including internal use and transfer to third parties.
3. Access/participation. Consumers should be able to review and contest the accuracy and completeness of data collected about them in a timely, inexpensive process.
4. Security. Data collectors must take responsible steps to assure that consumer information is accurate and secure from unauthorized use.
5. Enforcement. There must be in place a mechanism to enforce FIP principles. This can involve self-regulation, legislation giving consumers legal remedies for violations, or federal statutes and regulations.
MIS_13_Ch_04_Global.indd 163 1/18/2013 10:27:40 AM