The Sectoral Approach – HIPAA, GLBA, COPPA
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
4 hours 41 minutes
Hello, everyone, and welcome to lesson 1.3. Or we are going to discuss the sectoral approach, the data privacy legislation in the United States,
some learning goals and objectives for less than 1.3.
First, we're going to compare the comprehensive approach, and I'll get what that means in a moment versus the sectoral approach to data privacy legislation. Again, I'll get to that in a moment.
Objective number two. We will also discuss why the United States has historically relied on the sectoral approach.
Again. I'll explain what that means here in a second.
Then Number three.
What makes the CCP a so different and why the CCP differs from the sectoral approach
giving away what we will discuss here in a moment. But these are our learning goals and objectives, so let's make sure we keep ourselves organized.
Let's compare and contrast the sectoral approach to data privacy versus the comprehensive approach.
Under the sectoral approach, Congress or some other national body will only regulate a specific industry, meaning that Onley businesses that fall underneath that industry are going to be subject to the privacy law that is about to get past.
There are other types of sectoral privacy laws.
In some cases, you might see a law where Onley, a specific kind of personal information, is regulated.
The big one.
Whenever you go to the doctor, you probably see the acronym PH. I, which stands for personal health information on Lee. A certain type of information in that instance is being regulated. On the other hand, maybe on Lee, a specific kind of individual is being protected.
The big one there tends to be Children
because Congress creates the law. In separate instances,
you're going to normally see different regulators to ensure that these privacy laws air followed.
Health regulators regulate privacy in the healthcare space.
Financial regulators regulate privacy in the financial space, etcetera.
There are some exceptions, and we'll get to that
That basically summarizes the sectoral approach and some of the laws and compliance obligations you've probably already encounter either at work or just in your personal life.
That's the left side of the screen.
Now let's take a look here for a moment at the comprehensive approach.
Under the comprehensive approach, all personal information of everyone is going to be regulated so long is that law applies to that region.
The big one there that I can think of is the GDP are
every data subject in the European Union is subject and enjoys the benefits of the GDP? Are
the industry the type of data the person who enjoys the benefits are all completely inconsequential, and it's going to be the same regulator that enforces that comprehensive privacy law.
with the sectoral approach summarized in the comprehensive approach summarized,
can you already begin to guess which category the CCP A falls into?
Let's make a quick mental note of that
for a quick moment. Let's explain why the sectoral approach historically had so much precedence in the United States.
One of the main reasons for that is industries, regrettably, had very strong lobbying groups.
Big tech is able to shape the laws in the ways that they want to, as do certain industries that have always been regulated.
Big farmer or the banking sector, the too big to fail. Banks are able to dictate the way the financial privacy laws, in many instances, will apply to them.
On the flip side, there are also industry groups or even nonprofits or think tanks that advocate that certain people have stronger protections.
The big one, of course, is the mantra. Protect the Children.
One of the reasons why Children have and enjoy stronger privacy laws and protections in the United States is because there were people historically who advocated on behalf of Children. Specifically,
let's take a quick moment to look at the sectoral laws that exist in this country that I will mention in future lessons and that interact with and sometimes smack right into the face of the CCP A itself.
Let's take a quick note of those laws.
The first one, which you're actually unlikely to encounter, is the Video Privacy Protection Act. That's actually a fun when I included because a gentleman by the name of Robert Bork was nominated for the Supreme Court
during his testimony before the Senate, he said, I don't believe there's a national right to privacy.
Someone got smart and went to his local blockbuster and requested the videos that he had previously rented and at the time, video cassettes.
When, of course, Robert Bork felt offended.
Privacy advocates were like,
Well, you never said that there was a natural right to privacy.
Funny enough, Congress actually passed a lot of fix that problem.
The main one that you probably have heard of whenever you go to the doctor's office is hip hop.
The Health Information Portability and Accountability Act is approaching 30 years in existence in this country and interacts frequently with the C c p A.
We'll make a note of that when that happens.
Coppa, as I mentioned a moment ago,
is the privacy law that regulates all things Children related
again, we will interact with Coppa as we talk about how the C C P. A. Applies to Children.
The G o B A. For any of you who work in the banking sector or your company might be a thin tank or something like that,
you do need to be aware of the G l B A privacy obligations and how they interact with the c c. P. A.
We'll make a note of that when it comes up,
and then the last one.
Just because the nature of technology has evolved.
In 2000 and eight,
Congress also passed a national sectoral law that regulates the use of genetic information.
Here's the punchline.
We're gonna get to this in future lessons
in a land of sectoral privacy laws. The C C P. A. Is the very first comprehensive privacy law in the United States.
It applies toe everyone in California, no matter what type of information is being processed
or collected in any form or fashion.
We'll get to all that in future lessons. But
that is why Sai Buri has created a specific course for the C C p A.
That's why the C C P. A. Is always on the news.
Keep an eye on that as you go through the lessons and encounter items at the workplace.
In summary, we talked about the differences between the comprehensive and sectoral approach and the big ticket privacy laws that you need to be aware of as we dive into these lessons here in the future. And of course, while the CCP a broke the norm with sectoral regulation by becoming the very first privacy law in the United States,
I'll see you all in the next lesson