Privacy; Information Systems
Privacy regulations are laws and policies put in place to protect digital privacy and to regulate access to digital data and equipment. While US law has no general consumer privacy protection laws, it does protect certain types of digital data, including medical and financial data.
As of 2016, the United States has no general laws protecting computer privacy. However, access to computers and certain types of digital data are restricted by various federal and state laws. While the US Constitution has no specific provision protecting the right to privacy, the Supreme Court has repeatedly interpreted several amendments to implicitly guarantee it. For example, the Fourth Amendment protects against unwarranted search and seizure. This has been taken to apply to an individual's personal communications. With advances in digital technology, millions of Americans have begun lobbying for new protections specifically for digital communication and data.
Within an organization, permission to access digital data may be restricted according to a system of access levels. In such a system, users are grouped into categories with varying levels of computer clearance. Network administrators usually have access to all data and operations. Users at other levels may have more limited access. In corporate and government systems, users are prohibited from accessing computers or data beyond their access level.
The Computer Fraud and Abuse Act (CFAA) of 1986 amended the United States Code statutes on federal crimes and criminal procedures. This act made unauthorized access to computer systems involved in interstate or foreign communications a federal offense. It allows for the prosecution of persons who attempt to gain unlawful computer access. The CFAA was specifically designed to protect government and financial institutions.
After the September 11, 2001, terrorist attacks, Congress passed the PATRIOT Act. This act gave federal agencies increased powers to monitor digital communications in order to prevent terrorism. It also specified that pen/trap restrictions apply to routing information from electronic communications as well. This technically extends privacy protections, but also allows government agencies to compel ISPs to provide routing information instead of having to gather it themselves.
A number of US federal regulations protect certain types of consumer data. For instance, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 regulates the collection and use of medical information. Organizations with access to someone's health care data may not disclose the data without permission from that person. HIPAA mainly applies to health care providers and pharmacies. Similarly, the Fair Credit Reporting Act of 1970 limited the use of individual personal and financial information by consumer credit reporting agencies. Other such laws include the Privacy Act (1974), the
Tax Reform Act (1976), and the Electronic Fund Transfer Act (1978). These laws were not necessarily designed to protect electronic data. Nevertheless, they form the basis of Internet privacy regulations. However, many Americans feel that more general privacy laws are necessary.
—Micah L. Issitt
“Computer Crime Laws.” Frontline. WGBH Educ. Foundation, 2014. Web. 28 Mar. 2016.
“Computer Fraud and Abuse Act (CFAA).” Internet Law Treatise. Electronic Frontier Foundation, 24 Apr. 2013. Web. 31 Mar. 2016.
Duncan, Geoff. “Can the Government Regulate Internet Privacy?” Digital Trends. Designtechnica, 21 Apr. 2014. Web. 28 Mar. 2016.
“Health Information Privacy.” HHS.gov. Dept. of Health and Human Services, n.d. Web. 28 Mar. 2016. 4 Science Reference Center™ Privacy Regulations
“State Laws Related to Internet Privacy.” National Conference of State Legislatures. NCSL, 5 Jan. 2016. Web. 28 Mar. 2016.
“USA Patriot Act.” Electronic Privacy Information Center. EPIC, 31 May 2015. Web. 28 Mar. 2016.
Zetter, Kim. “California Now Has the Nation's Best Digital Privacy Law.” Wired. Condé Nast, 8 Oct. 2015. Web. 28 Mar. 2016.