23 results on '"Stevens, Gina Marie"'
Search Results
2. Protection of security-related information
- Author
-
Stevens, Gina Marie and Tatelman, Todd B.
- Subjects
Data security -- Management; National security -- Management; Freedom of Information Act; Data security issue; Company business management
- Abstract
September 27, 2006 Summary The terrorist attacks of September 11 prompted a reevaluation of how to balance public access to information with the need for safety and security. The accumulation […]
- Published
- 2006
3. Government access to phone calling activity and related records: legal authorities
- Author
-
Bazan, Elizabeth B., Stevens, Gina Marie, and Yeh, Brian T.
- Subjects
United States. Federal Bureau of Investigation -- Powers and duties; United States. National Security Agency -- Ethical aspects; United States. National Security Agency -- Investigations; Telephone calls -- Political aspects; Telephone calls -- Investigations; Telecommunications services industry -- Laws, regulations and rules; Telecommunications services industry -- Political aspects; Communications industry -- Laws, regulations and rules; Communications industry -- Political aspects; Telecommunications services industry; Company legal issue; Government regulation
- Abstract
Summary Recent media disclosures regarding an alleged National Security Agency (NSA) program designed to collect and analyze information on telephone calling patterns within the United States have raised interest in […]
- Published
- 2006
4. Smart toys and the Children's Online Privacy Protection Act of 1998
- Author
-
Stevens, Gina Marie
- Subjects
Internet and children -- Safety measures. -- United States; Internet of things -- United States.; Internet and children -- Safety measures.; Internet of things.
- Published
- 2018
5. Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping: 98-326.
- Author
-
Stevens, Gina Marie and Doyle, Charles
- Subjects
EAVESDROPPING; WIRETAPPING; FEDERAL laws; RIGHT of privacy; CONFIDENTIAL communications
- Abstract
This report provides an overview of federal law governing wiretapping and electronic eavesdropping. It also appends citations to state law in the area and contains a bibliography of legal commentary as well as the text of the Electronic Communications Privacy Act (ECPA) and the Foreign Intelligence Surveillance Act (FISA). It is a federal crime to wiretap or to use a machine to capture the communications of others without court approval, unless one of the parties has given their prior consent. It is likewise a federal crime to use or disclose any information acquired by illegal wiretapping or electronic eavesdropping. Violations can result in imprisonment for not more than five years; fines up to $250,000 (up to $500,000 for organizations); in civil liability for damages, attorneys' fees and possibly punitive damages; in disciplinary action against any attorneys involved; and in suppression of any derivative evidence. Congress has created separate but comparable protective schemes for electronic communications (e.g., e-mail) and against the surreptitious use of telephone call monitoring practices such as pen registers and trap and trace devices. Each of these protective schemes comes with a procedural mechanism to afford limited law enforcement access to private communications and communications records under conditions consistent with the dictates of the Fourth Amendment. The government has been given narrowly confined authority to engage in electronic surveillance, conduct physical searches, install and use pen registers and trap and trace devices for law enforcement purposes under the Electronic Communications Privacy Act and for purposes of foreign intelligence gathering under the Foreign Intelligence Surveillance Act. Two FISA provisions, born in the USA PATRIOT Act and dealing with roving wiretaps (section 206) and business records (section 215), are scheduled to expire on December 31, 2009. 
This report includes a brief summary of the expired Protect America Act, P.L. 110-55 and of the Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008, P.L. 110-261 (H.R. 6304). It is available in an abridged form without footnotes, quotations, or appendices as CRS Report 98-327, Privacy: An Abbreviated Outline of Federal Statutes Governing Wiretapping and Electronic Eavesdropping, by Gina Stevens and Charles Doyle. [ABSTRACT FROM AUTHOR]
- Published
- 2009
6. Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping.
- Author
-
Stevens, Gina Marie and Doyle, Charles
- Subjects
WIRETAPPING; EAVESDROPPING; FOREIGN Intelligence Surveillance Act of 1978 Amendments Act of 2008; KATZ v. United States; WIRETAPPING laws; EAVESDROPPING laws
- Abstract
The article focuses on a report related to federal law governing wiretapping and electronic eavesdropping in the U.S., released by the U.S. Congressional Research Service (CRS) as of December 3, 2009. Topics discussed include the U.S. Foreign Intelligence Surveillance Act (FISA), the U.S. Supreme Court case Katz v. United States, and illegal disclosure of information obtained by wiretapping or electronic eavesdropping.
- Published
- 2009
7. Privacy: An Abbreviated Outline of Federal Statutes Governing Wiretapping and Electronic Eavesdropping: 98-327.
- Author
-
Stevens, Gina Marie and Doyle, Charles
- Subjects
WIRETAPPING; WIRETAPPING laws; ELECTRONIC surveillance; LISTENING; RECONNAISSANCE operations
- Abstract
It is a federal crime to intentionally wiretap or electronically eavesdrop on the conversation of another without a court order or the consent of one of the parties to the conversation. Moreover, in eleven states, it is a state crime for anyone other than the police to intentionally wiretap and/or electronically eavesdrop on the conversation of another without the consent of all of the parties to the conversation. The federal crimes are punishable by imprisonment for up to five years and expose offenders to civil liability for damages, attorneys' fees, and possibly punitive damages. State crimes carry similar consequences. Even in states where one party consent interceptions are legal, they may well be contrary to the professional obligations of members of the bar. The proscriptions often include a ban on using or disclosing the fruits of an illegal interception. Statutory exceptions to these general prohibitions permit judicially supervised wiretapping or electronic eavesdropping conducted for law enforcement or foreign intelligence gathering purposes. Similar regimes - proscriptions with exceptions for government access under limited circumstances - exist for telephone records, e-mail and other forms of electronic communications. [ABSTRACT FROM AUTHOR]
- Published
- 2008
8. Electronic Personal Health Records: RS22760.
- Author
-
Stevens, Gina Marie
- Subjects
MEDICAL records; ELECTRONIC records; MEDICAL care; HEALTH insurance laws; INSURANCE law
- Abstract
The Administration, Congress, foundations, and the private sector have undertaken various initiatives to promote the adoption of electronic health records (EHRs) as part of the national health information infrastructure. An electronic personal health record (EPHR) is a database of medical information collected and maintained by an individual. Commercial suppliers, health care providers, health insurers, employers, medical websites, and patient advocacy groups offer EPHRs. Congress has held hearings on electronic personal health records, and legislation has been introduced (S. 1456), ordered to be reported (H.R. 2406), and reported (S. 1693). Electronic personal health records are controversial among privacy advocates and patients, who are concerned about health information privacy and security, and misuse of individually identifiable health information. The extent to which electronic personal health records are protected by the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule is discussed herein. This report will be updated. Background. In 2004, the President and the Department of Health and Human Services (HHS) launched an initiative to make electronic health records available to most Americans within the next ten years, and to transform the health care system by lowering costs, reducing medical errors, and improving quality of care. The President called on HHS to develop and implement a strategic plan to guide the nationwide implementation of health information technology that would, among other things, allow EHRs to be shared across healthcare systems and providers. Many are concerned about the privacy and security of EPHRs; the potential for the exploitation of personal medical information [ABSTRACT FROM AUTHOR]
- Published
- 2007
9. Information Security and Data Breach Notification Safeguards: RL34120.
- Author
-
Stevens, Gina Marie
- Subjects
DATA protection laws; COMPUTER security laws; RIGHT of privacy; INFORMATION services laws; SECURITY management; LEGISLATIVE bills; COMPUTER hacking
- Abstract
Information security and breach notification requirements are imposed on some entities that own, possess, or license sensitive personal information. Information security standards are designed to protect personally identifiable information from compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or other situations where unauthorized persons have access or potential access to personally identifiable information for unauthorized purposes. Data breach notification laws require covered entities to provide notice to affected persons (e.g., cardholders, customers) about the occurrence of a data security breach involving personally identifiable information. Data security breaches occur when fraudulent accounts are created, laptops or computers are stolen or hacked, passwords are compromised, insiders or employees steal data, or discs or back-up tapes are misplaced. The following report analyzes the Privacy Act, the Federal Information Security Management Act, Office of Management and Budget Guidance, the Veterans Affairs Information Security Act, the Health Insurance Portability and Accountability Act, and the Gramm-Leach-Bliley Act. [ABSTRACT FROM AUTHOR]
- Published
- 2007
10. Enforcement of the HIPAA Privacy Rule: RL33989.
- Author
-
Stevens, Gina Marie
- Subjects
HEALTH Insurance Portability & Accountability Act; MEDICAL care; CONSUMER protection; LIABILITIES (Accounting)
- Abstract
Concerns have been raised that the HIPAA Privacy Rule is being insufficiently enforced by the Departments of Health and Human Services (HHS) and Justice (DOJ). P.L. 104-191, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), directed HHS to adopt standards to facilitate the electronic exchange of health information for certain financial and administrative transactions. The HIPAA Privacy Rule was adopted by HHS as the national standard for the protection of individually identifiable health information. It regulates the use and disclosure of protected health information by health plans, health care clearinghouses, and health care providers who transmit financial and administrative transactions electronically; establishes a set of basic consumer protections; permits any person to file an administrative complaint for violations; and authorizes the imposition of civil or criminal penalties. Enforcement of the Privacy Rule began in 2003. On March 16, 2006, the Final HIPAA Administrative Simplification Enforcement Rule went into effect. The Enforcement Rule has both procedural and substantive provisions, and is applicable to all HIPAA administrative simplification standards. The Enforcement Rule establishes procedures for the imposition of civil money penalties on entities that violate rules adopted by the Secretary to implement the Administrative Simplification provisions of HIPAA. It also amends existing rules relating to the process for imposition of civil money penalties, and clarifies the investigation process, the bases for liability, determination of the penalty amount, grounds for waiver, conduct of the hearing, and the appeal process. 
Lawmakers and others are examining the statutory and regulatory framework for enforcement of the HIPAA Administrative Simplification standards, and ways to ensure that agencies use their enforcement authority to the fullest extent under HIPAA to address improper uses and disclosures of protected health information. This report discusses enforcement of the HIPAA administrative simplification provisions by HHS and DOJ, and provides an overview of the HIPAA Administrative Simplification Enforcement Rule. This report will be updated when warranted. [ABSTRACT FROM AUTHOR]
- Published
- 2007
11. Government Access to Phone Calling Activity and Related Records: Legal Authorities: RL33424.
- Author
-
Bazan, Elizabeth B., Stevens, Gina Marie, and Yeh, Brian T.
- Subjects
TELEPHONE companies; POLITICAL crimes & offenses; TELEPHONE call accounting; INTELLIGENCE service; TELECOMMUNICATION systems; NATIONAL security laws
- Abstract
Recent media disclosures regarding an alleged National Security Agency (NSA) program designed to collect and analyze information on telephone calling patterns within the United States have raised interest in the means by which the Government may collect such information. The factual information available in the public domain with respect to any such alleged program is limited and in some instances inconsistent, and the application, if at all, of any possibly relevant statutory provisions to any such program is likely to be a very fact specific inquiry. It is possible that any information provided to the NSA from the telephone service providers was provided in response to a request for information, not founded on a statutory basis. If this were the case, such a request would not necessarily be limited by the statutory structures discussed below, but in some instances, depending upon the facts involved, might expose the telephone companies to some civil remedies or criminal sanctions. In addition, a request, not founded upon a statutory scheme, would appear to lack a means of compelling production of the information requested. This would seem to be consistent with the statement in the USA Today article that one of the companies refused to comply with NSA's request for calling detail records, while at least one other company appears to have complied. This report will summarize statutory authorities regarding access by the Government, for either foreign intelligence or law enforcement purposes, to information related to telephone calling patterns or practices. Where pertinent, we will also discuss statutory prohibitions against accessing or disclosing such information, along with relevant exceptions to those prohibitions. [ABSTRACT FROM AUTHOR]
- Published
- 2006
12. Privacy: An Abbreviated Outline of Federal Statutes Governing Wiretapping and Electronic Eavesdropping: 98-327.
- Author
-
Stevens, Gina Marie and Doyle, Charles
- Subjects
ELECTRONIC surveillance laws; EAVESDROPPING laws; WIRETAPPING laws; RIGHT of privacy; COURT orders; FEDERAL laws; STATE laws; STATUTES; LAW enforcement; RECONNAISSANCE operations; FEDERAL government
- Abstract
It is a federal crime to intentionally wiretap or electronically eavesdrop on the conversation of another without a court order or the consent of one of the parties to the conversation. Moreover, in eleven states, it is a state crime for anyone other than the police to intentionally wiretap and/or electronically eavesdrop on the conversation of another without the consent of all of the parties to the conversation. The federal crimes are punishable by imprisonment for up to five years and expose offenders to civil liability for damages, attorneys' fees, and possibly punitive damages. State crimes carry similar consequences. Even in states where one party consent interceptions are legal, they may well be contrary to the professional obligations of members of the bar. The proscriptions often include a ban on using or disclosing the fruits of an illegal interception. Statutory exceptions to these general prohibitions permit judicially supervised wiretapping or electronic eavesdropping conducted for law enforcement or foreign intelligence gathering purposes. Similar regimes -- proscriptions with exceptions for government access under limited circumstances -- exist for telephone records, e-mail and other forms of electronic communications. [ABSTRACT FROM AUTHOR]
- Published
- 2006
13. Data Security: Protecting the Privacy of Phone Records: RL33287.
- Author
-
Stevens, Gina Marie and Rainson, Tara Alexandra
- Subjects
DATA security; CELL phone systems; CUSTOMER services; RIGHT of privacy
- Abstract
The privacy of cellular telephone records has the potential to become a high-priority item on the congressional agenda. The Congress, the Federal Communications Commission (FCC), the Federal Trade Commission (FTC), and State Attorneys General are investigating the practices of companies that sell customer calling records for wireless and landline phones to determine whether they are in compliance with current confidentiality protections for customer information. Several federal bills have been introduced to address the breach of phone customers' privacy and to prevent the fraudulent acquisition of telephone records. Hearings have been held in both the House and Senate regarding the sale of phone records, and the House and Senate Judiciary Committees are scheduled to mark up legislation beginning on March 1. The FCC has granted a petition for a rulemaking to determine whether enhanced security and authentication standards for access to customer telephone records are warranted. The FTC is investigating data brokers involved in the practice of selling telephone records and is working with the FCC, which has jurisdiction over telecommunications carriers. At least five states have sued data brokers to enjoin the acquisition and sale of customer records. This report provides a brief discussion of efforts to protect the privacy of customer telephone records. For additional information, see CRS Report RL31636, Wireless Privacy and Spam: Issues for Congress, by Marcia S. Smith. This report will be updated when warranted. [ABSTRACT FROM AUTHOR]
- Published
- 2006
14. Data Security: Federal Legislative Approaches: RL33273.
- Author
-
Stevens, Gina Marie
- Subjects
DATA protection; FEDERAL legislation
- Abstract
Numerous data security bills were introduced in the first session of the 109th Congress to address data security breaches; some of these bills preempt and sometimes limit recently enacted state laws. Three congressional hearings were held in 2005 to examine issues related to data breaches. Three bills were reported by Senate committees during the first session of the 109th Congress. The prospect for continued congressional attention is high during the second session of the 109th Congress, with eight congressional committees having jurisdiction over some aspect of data security, data breach notification, and data privacy. This report discusses the core areas addressed in federal legislation, including the scope of coverage (who is covered and what information is covered); data privacy and security safeguards for sensitive personal information; requirements for security breach notification (when, how, triggers, frequency, and exceptions); restrictions on social security numbers (collection, use, and sale); credit freezes on consumer reports; identity theft penalties; causes of action; and preemption. For related reports, see CRS Report, Data Security: Federal and State Laws, by Gina Marie Stevens; CRS Report, Information Brokers: Federal and State Laws, by Angie A. Welborn; CRS Report, Privacy Protection for Customer Financial Information, by M. Maureen Murphy; and CRS Report, Internet Privacy: Overview and Pending Legislation, by Marcia S. Smith. This report will be updated as warranted. [ABSTRACT FROM AUTHOR]
- Published
- 2006
15. Data Security: Federal and State Laws: RS22374.
- Author
-
Stevens, Gina Marie
- Subjects
ELECTRONICS; DATA protection; LAW; PERSONAL information management; DATABASES
- Abstract
Security breaches involving electronic personal data have come to light largely as a result of the California Security Breach Notification Act, a California notification law that went into effect in 2003. In response, the states and some Members have introduced bills that would require companies to notify persons affected by such security breaches. By December 2005, 35 states had introduced data security legislation and 22 states had enacted data security laws. Numerous data security bills have been introduced in the 109th Congress (S. 115, S. 500, S. 751, S. 768, S. 1216, S. 1326, S. 1332, S. 1408, S. 1594, S. 1789, S. 2169, H.R. 1069, H.R. 1080, H.R. 3140, H.R. 3374, H.R. 3375, H.R. 3397, H.R. 4127). S. 1326, S. 1408, and S. 1789 were reported by Senate committees. This report provides a brief discussion of federal and state data security laws. The security of personal information and risks to data are paramount concerns addressed in federal and state law, legislation, and regulations. The public disclosure of breaches of customer databases in 2005 heightened interest in the business and regulation of data brokers. Data brokers collect personal information from public and private records and sell this information to public and private sector entities for many purposes, from marketing to law enforcement and homeland security purposes. Recent data security breaches illustrate (1) the risks associated with collecting and disseminating large amounts of electronic personal information, (2) the increased visibility of data security breaches as a result of consumer notice requirements, and (3) the potential risk of harm or injury to consumers from identity theft crimes (e.g., credit card fraud, check fraud, mortgage fraud, health-care fraud, and the evasion of law enforcement). One result of the highly publicized breaches of personal data security has been a new focus on establishing [ABSTRACT FROM AUTHOR]
- Published
- 2006
16. Hurricane Katrina: HIPAA Privacy and Electronic Health Records of Evacuees: RS22310.
- Author
-
Stevens, Gina Marie
- Subjects
PUBLIC health; HEALTH insurance; MEDICARE; MEDICAID; MEDICAL care
- Abstract
On September 4th, 2005 Health and Human Services (HHS) Secretary Leavitt declared a federal public health emergency for Louisiana, Alabama, Mississippi, Florida and Texas, and waived certain requirements under Medicare, Medicaid, the State Children's Health Insurance Program, and the Health Insurance Portability and Accountability Act to allow health care providers in affected areas to care for patients without violating certain provisions of those laws. The Secretary waived sanctions and penalties arising from noncompliance with certain provisions of the HIPAA privacy regulations. On September 9, HHS issued Hurricane Katrina Bulletin #2 - HIPAA Privacy Rule Compliance Guidance and Enforcement Statement for Activities in Response to Hurricane Katrina. The September 9 bulletin builds on a September 2 guidance in which the department emphasized how the HIPAA privacy rule allows patient information to be shared to assist in disaster relief efforts, and to assist patients in receiving care. Shortly after Hurricane Katrina, the federal government began a pilot test of KatrinaHealth.org, an Electronic Health Record (EHR) online system, sharing prescription drug information for most of the hurricane evacuees with health care professionals. This report discusses, in response to Hurricane Katrina, HHS' waiver of certain provisions of the HIPAA Privacy Rule, and the compliance and enforcement guidance with respect to the Privacy Rule issued by HHS. It also provides a brief overview of KatrinaHealth.org. This report will not be updated. [ABSTRACT FROM AUTHOR]
- Published
- 2005
17. Privacy: Key Recommendations of the 9/11 Commission: RS21915.
- Author
-
Stevens, Gina Marie and Relyea, Harold C.
- Subjects
CIVIL rights; COUNTERTERRORISM; SEPTEMBER 11 Terrorist Attacks, 2001
- Abstract
Several of the recommendations made to protect against and prepare for terrorist attacks in the final report of the National Commission on Terrorist Attacks Upon the United States (9/11 Commission) focus on the protection of civil liberties. This report examines these recommendations, and those of other recent commissions. It will not be updated. [ABSTRACT FROM AUTHOR]
- Published
- 2004
18. Brief Summary of the HIPAA Medical Privacy Rule: RS20934.
- Author
-
Stevens, Gina Marie
- Subjects
HEALTH Insurance Portability & Accountability Act; RIGHT of privacy; MEDICAL informatics; CONSUMER protection
- Abstract
This report provides a brief overview of the modified HIPAA Privacy rule, "Standards for the Privacy of Individually Identifiable Health Information" ("privacy rule") published on August 14, 2002 by the Department of Health and Human Services (HHS). Issuance of the modified Privacy Rule by the Bush Administration is the culmination of a decades-long debate over access to medical records that has pitted privacy advocates and civil libertarians against employers and much of the health care industry. As required by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), a privacy rule was issued in December 2000, and modified August 2002. The privacy rule went into effect April 14, 2001, with compliance required by April 2003 for most entities. The HIPAA Privacy Rule establishes a set of basic consumer protections and a series of regulatory permissions for uses and disclosures of protected health information. S. 16, introduced in the 108th Congress by Senator Daschle, would reverse some modifications to the rule. This report will be updated. [ABSTRACT FROM AUTHOR]
- Published
- 2003
19. Compliance with the HIPAA Medical Privacy Rule: RS21505.
- Author
-
Stevens, Gina Marie
- Subjects
LEGAL compliance; HEALTH care networks; HEALTH Insurance Portability & Accountability Act; CONSUMER protection
- Abstract
As of April 14, 2003, most health care providers (including doctors and hospitals) and health plans are required to comply with the new Privacy Rule mandated by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), and must comply with national standards to protect individually identifiable health information. The HIPAA Privacy Rule creates a federal floor of privacy protections for individually identifiable health information; establishes a set of basic consumer protections; institutes a series of regulatory permissions for uses and disclosures of protected health information; permits any person to file an administrative complaint for violations; and authorizes the imposition of civil or criminal penalties. In hearings prior to the effective date of the Rule, there was widespread concern over aspects of the rule, including the extent to which it preempted state laws. On April 17, 2003, HHS published an interim final rule establishing the rules of procedure for investigations and the imposition of civil money penalties concerning violations. This interim final rule will be effective May 19, 2003 through September 16, 2003. HHS plans to issue a complete Enforcement Rule with both procedural and substantive provisions after notice-and-comment rulemaking. This report will be updated. Background. In order to "improve portability and continuity of health insurance coverage in the group and individual markets," Congress enacted the Health Insurance Portability and Accountability Act of 1996 (HIPAA) on August 21, 1996, P.L. 104-191, 110 Stat. 1936, 42 U.S.C. §§ 1320d et seq.
Subtitle F of Title II of HIPAA is entitled "Administrative Simplification," and states that the purpose of the subtitle is to improve health care by "encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information." Sections 261 through 264 of HIPAA contain the administrative [ABSTRACT FROM AUTHOR]
- Published
- 2003
20. Privacy: Total Information Awareness Programs and Related Information Access, Collection, and Protection Laws: RL31730.
- Author
-
Stevens, Gina Marie
- Subjects
INFORMATION policy; PRIVACY; DATA mining
- Abstract
Presents information on the Total Information Awareness (TIA) programs of the U.S. Department of Defense. Purposes served by TIA programs; Uses of data mining in the programs; Privacy issues raised by the programs.
- Published
- 2003
21. Homeland Security Act of 2002: Critical Infrastructure Information Act: RL31762.
- Author
-
Stevens, Gina Marie
- Subjects
NATIONAL security
- Abstract
The Critical Infrastructure Information Act of 2002 ("CIIA"), to be codified at 6 U.S.C. §§ 131 - 134, was passed on November 25, 2002 as subtitle B of Title II of the Homeland Security Act (P.L. 107-296, 116 Stat. 2135, sections 211 - 215), and regulates the use and disclosure of information submitted to the Department of Homeland Security (DHS) about vulnerabilities and threats to critical infrastructure. This report examines the CIIA. For further information, see CRS Report RL30153, Critical Infrastructures: Background, Policy, and Implementation, by John Moteff. This report will be updated as warranted. [ABSTRACT FROM AUTHOR]
- Published
- 2003
22. Critical Infrastructure Information Disclosure and Homeland Security: RL31547.
- Author
-
Moteff, John D. and Stevens, Gina Marie
- Subjects
NATIONAL security; INFRASTRUCTURE (Economics); DISCLOSURE; FREEDOM of information
- Abstract
Critical infrastructures have been defined as those systems and assets so vital to the United States that the incapacity of such systems and assets would have a debilitating impact on the United States. One of the findings of the President's Commission on Critical Infrastructure Protection, established by President Clinton in 1996, was the need for the federal government and owners and operators of the nation's critical infrastructures to share information on vulnerabilities and threats. However, the Commission noted that owners and operators are reluctant to share confidential business information, and the government is reluctant to share information that might compromise intelligence sources or investigations. Among the strategies to promote information sharing was a proposal to exempt critical infrastructure information from disclosure under the Freedom of Information Act. The Freedom of Information Act (FOIA) was passed to ensure citizen access to government information. Nine categories of information may be exempted from disclosure. Three of the nine exemptions provide possible protection against the release of critical infrastructure information: exemption 1 (national security information); exemption 3 (information exempted by statute); and exemption 4 (confidential business information). Congress has considered several proposals to exempt critical infrastructure information from FOIA. Generally, the legislation has created an exemption 3 statute, or adopted the exemption 4 D.C. Circuit standard. Prior to passage of the Homeland Security Act (P.L. 107-296), the House (H.R. 5005) and Senate (S. 2452) bills differed significantly on language providing a FOIA exemption. Differences included the type of information covered and exempted from FOIA; the scope of the protections provided; the authorized uses or disclosures; the permissibility of disclosures of related information by other agencies; immunity from civil liability; preemption; and criminal penalties.
The Homeland Security Act (P.L. 107-296, section 214) provisions regarding the exemption of critical infrastructure information from FOIA adopted the House language in its entirety. Public interest groups question the necessity of a FOIA exemption, suggesting that existing FOIA exemptions provide sufficient protections. They also argued that the House language (which passed) was too broad and would allow a wider range of information to be protected (including information previously available under FOIA). They favored the more limited protections proposed in S. 2452. Public interest groups also expressed concern that the provision which bars use of the protected information in civil actions would shield owners and operators from liability under antitrust, tort, tax, civil rights, environmental, labor, consumer protection, and health and safety laws. Owners and operators of critical infrastructures insisted that current law did not provide the certainty of protection needed. While they viewed the Senate language as a workable compromise, they favored the protections in H.R. 5005. Compelling arguments existed on both sides of the debate for and against exempting critical infrastructure information from the Freedom of Information Act. S. 6, introduced in the 108th Congress, resurrects S. 2452 (107th Congress). This report will be updated as warranted. [ABSTRACT FROM AUTHOR]
- Published
- 2003
23. Online Privacy Protection: Issues and Developments: RL30322.
- Author
-
Stevens, Gina Marie
- Subjects
COMPUTER security ,PRIVACY ,ONLINE information services ,DATA protection - Abstract
It is routinely acknowledged that the success of the Internet and electronic commerce depends upon the resolution of issues related to the privacy of online personal information. This paper discusses some potential threats to the privacy of online personal information, and efforts by businesses, governments, and citizens to respond to them. The paper also provides an overview of the legal framework for the protection of personal information. Some advocate legal recognition of a right to "information privacy" for online transactions. The term "information privacy" refers to an individual's claim to control the terms under which personal information is acquired, disclosed, and used. In the United States there is no comprehensive legal protection for personal information. The Constitution protects the privacy of personal information in a limited number of ways, and extends only to the protection of the individual against government intrusions. However, many of the threats to the privacy of personal information occur in the private sector. Any limitations placed on the data processing activities of the private sector will be found not in the Constitution but in federal or state law. There is no comprehensive federal privacy statute that protects personal information held by both the public sector and the private sector. A federal statute exists to protect the privacy of personal information collected by the federal government. The private sector's collection and disclosure of personal information has been addressed by Congress on a sector-by-sector basis. With the exception of the Children's Online Privacy Protection Act of 1998, none of these laws specifically covers the collection of online personal information. The federal government currently has limited authority over the collection and dissemination of personal data collected online. President Clinton's Information Infrastructure Task Force supports industry standards for privacy protection. 
The Federal Trade Commission Act prohibits unfair and deceptive practices in commerce, and the Commission has brought enforcement actions to address deceptive online information practices. In June 1998, the Federal Trade Commission presented a report to Congress titled Privacy Online which examined the information practices of over 1400 commercial Web sites, and found that the vast majority of online businesses have yet to adopt even the most fundamental fair information practice. The Commission issued a new report to Congress in July 1999 on Self-Regulation and Online Privacy and found that the vast majority of the sites surveyed collect personal information from consumers online, and that the implementation of fair information practices is not widespread. The FTC issued a new report in May 2000 after another survey of web sites. Notwithstanding measurable gains since the 1999 report to Congress, a majority of the Commission found that self-regulation alone, without some legislation, is unlikely to provide online consumers with the level of protection they seek and deserve, and recommended that Congress consider legislation to complement self-regulation. This report does not track legislation pending before Congress. [ABSTRACT FROM AUTHOR]
- Published
- 2001