By: Jeff Durst
May 27, 2021
US Information Privacy Course Review
By: Jeff Durst
May 27, 2021
The Privacy Problem
The idea of "privacy," especially when it comes to personal data, continues to change at a breakneck pace. It is no secret that almost every social media platform and search engine collects millions of data points about their users. The data is used for countless applications ranging from harmless (targeted ads) to downright diabolical (selling data to other users).
Further complicating the issue is that many users have come to accept this privacy violation as simply the "cost of doing business." General public apathy has allowed information privacy to disappear more and more as time goes on.
The U.S. finds itself facing a new issue: how to define and regulate information privacy. The privacy issue is one that lawmakers of the 20th century could never have predicted. Who "owns" information? Additionally, the privacy problem's scope goes way beyond private citizens. What does "privacy" mean when it comes to information about government offices, national labs, or private businesses?
What laws exist to protect this information? And what rights for privacy exist in the U.S. legal system? The unfortunate truth is that there is no one comprehensive law regarding information privacy.
This article aims to explain what information privacy means in the U.S. and what privacy rights exist in the U.S. We will begin with a general background of information privacy law. Next, we will discuss certain major laws that exist to keep information private. Finally, we will explore what comes next in this field.
Information Privacy, the U.S. Constitution, and the Right to Privacy
The idea of information privacy was not included in the original Constitution. In 1791, the Fourth Amendment was passed, granting "the right of the people to be secure in their persons, houses, papers, and effects…". However, this amendment does not provide for who and how this right is enforced.
In the Fourth Amendment, the term "papers" can be deduced to include digital documents. However, digital documents exist on paper and in cyberspace. Meaning, if someone stores a digital document on a server, what rights to that information does the host have? If someone provides digital information to a company, what rights does the company have to distribute it? And what legal obligation does the company have to keep that information private?
In 1965, The Supreme Court recognized in a case that the Due Process Clause of the Fourteenth Amendment (1868) provides a due process Right to Privacy. However, does the right to privacy include all privacy or just privacy of information regarding criminal actions?
Who is supposed to enforce all these privacy regulations? Again, without a comprehensive law, the responsibility falls on the Federal Trade Commission (FTC). The FTC's mission is to prevent "unfair or deceptive acts or practices in, or affecting commerce." In the case of privacy, "unfair or deceptive" means abuse of information. For example, are targeted ads based on a consumer's browser history information "unfair"?
In the 1960s and 1970s, tort reforms were created. Tort reforms are designed to change the civil justice system's laws by reducing the victims' damages. Which raises the question: how did tort reform protect privacy? The next section will answer that very question.
Prosser's Four Privacy Torts
William Prosser was a legal scholar in the mid-1900s and has long been considered one the leading experts on Tort Law. He is responsible for how tort law was viewed and enacted for a generation of lawyers. For our article, we will only discuss how his tort reforms changed information privacy in the U.S.
Prosser sought to define the concept of "Invasion of Privacy legally." His legacy stirs up controversy; it reinforces Information Privacy while curtailing its advancement. Prosser created tort laws that defined and protected Information Privacy; however, his definitions of Information Privacy were so narrow and "vague" that further legal reform has been difficult. In 1960, he developed four torts, which are discussed below.
Prosser's First Tort: Intrusion of Solitude and Seclusion
Intrusion of Solitude is described as making public the details of someone's private life. By 1960, cases had been heard in court regarding what constitutes an invasion of privacy and what was free speech. Prosser based the writing of his first tort on these precedents. A good example of this is using the facts of someone else's life in a fictional work without their permission. Hence the "any similarity to actual persons or events are unintended" disclaimer that shows up in books and movies.
Similarly, Intrusion of Seclusion means physically or digitally accessing someone's private information. This could range from breaking into someone's house and stealing a checkbook to recording a private citizen in their home without their knowledge. The intrusion of seclusion has the caveat that the offended party, or the victim, expected privacy.
Prosser's Second Tort: Public Disclosure of Private Facts
Prosser's second tort has two parts. First, it requires making a person's private information public. Second, the revealed information must not be on public records or "no public interest" while also offensive to a "reasonable person." This tort refers to the public dissemination of information, such as a public interview or widespread publication.
Prosser's Third Tort: False Light
False Light is similar to defamation. However, defamation involves disclosing false information with the intent to harm and is considered when no real harm is done. False light involves disclosing true and/or misrepresented information with the intent to harm. It is also persecuted only when damage is done as a result of the violation of privacy. False light and defamation are different in regards to the punishment or verdict.
False Light is very difficult to prove legally. The tort is enforced differently across states, cases, and circumstances. For example, the number of people required to make the private information "public" varies. In some states or situations, revealing the information to 5 people merits False Light. The information has to be published in a public medium (newspaper, news station, etc.) in other states. Furthermore, different regulations apply to certain government employees. For these reasons, this tort is rarely invoked.
Prosser's Fourth Tort: Appropriation of Name or Likeness
This tort makes it illegal to use someone's name or likeness "without consent for the commercial benefit of another person." Or in other words, appropriation of name or likeness occurs when one person uses another's identity for commercial gain. It is similar to copyright law: a person's name and image are owned by them alone and cannot be used without permission.
Prosser's torts marked a major step in protecting privacy. But, they also provided narrow definitions of "privacy." Focusing on "invasions of privacy," these torts don't allow for non-malicious breaches in privacy. Based on Prosser's torts, using private information to create ads doesn't technically violate privacy.
Other Privacy Concerns
In the United States, each state has its privacy laws. Privacy laws in each state can vary. With the new California Consumer Privacy Act, some states, such as California, aggressively enact new privacy laws. On the other hand, over half of the states have no recent or active legislation regarding privacy, nor any plans to attempt any. All this to say, a data privacy worker will need to know both federal and state laws.
Moreover, information privacy varies across applications. As an example, the Health Insurance Portability and Accountability Act (HIPPA) provides one set of medical information laws. The Children's Online Privacy Protection Act restricts what data can be collected, shared, or sold about children under 13. Likewise, privacy laws exist regarding scientific data, financial data, and educational data.
Meanwhile, there are specific laws regarding data breaches. Security breach notification laws provide another set of laws governing information privacy. Not surprisingly, these laws also deviate from state to state and between applications. These laws generally govern who, how, and how quickly citizens are informed when their personal information has been unlawfully accessed.
Working in data privacy, a professional must obtain training and understand Federal, state, and application laws and how to enforce these laws. Additionally, a data privacy professional needs to understand state and federal privacy breach notification laws.
Working in Data Privacy
Information/data privacy differs from data security. Data privacy doesn't handle keeping data safe. It deals with:
- Whether or not data can be shared with a third party.
- How data is shared with a third party.
- How data is collected.
- How data is stored.
- Regulatory restrictions on data.
- Information privacy rights.
Finding qualified data privacy professionals is a growing concern for modern businesses and government organizations. Many sources have shown that there is a global shortage of data privacy experts. Businesses are learning that data is their greatest asset and their greatest liability. Unfortunately, businesses realize that they are wildly unprepared to understand and ensure data privacy.
This article discussed the need for data privacy experts is dire. I.T. professionals are critical to government offices and private businesses. They need data security professionals that can safeguard their data from cyber-attacks and legal violations. Cybrary offers several course curricula that will kick start your career in data privacy.