ANALYSIS OF THE U.S. APPROACH TO DATA PRIVACY - PowerPoint PPT Presentation

Slides: 16
Provided by: jhor
1
ANALYSIS OF THE U.S. APPROACH TO DATA PRIVACY
European Commission Audiovisual Library
2
PRINCIPLES OF PRIVACY PROTECTION
  • PRINCIPLE 1 RECOGNITION OF A GENERAL
    RIGHT TO PRIVACY
  • PRINCIPLE 2 QUALITY OF INFORMATION
  • PRINCIPLE 3 SPECIAL CATEGORIES
  • PRINCIPLE 4 SECURITY OF INFORMATION
  • PRINCIPLE 5 ADDITIONAL SAFEGUARDS
  • PRINCIPLE 6 OVERSIGHT MECHANISMS

3
PRINCIPLE 1 RECOGNITION OF A GENERAL RIGHT TO
PRIVACY
  • EU
  • European data protection regimes have arisen from
    a desire to balance individual and societal
    interests, including by minimizing unnecessary
    intrusion by government into personal privacy.
    Corresponding principles of personal privacy have
    been incorporated in the Charter of Fundamental
    Rights of the European Union.
  • U.S.
  • The U.S. Constitution's Bill of Rights explicitly
    guarantees certain privacy rights and the U.S.
    Supreme Court has inferred from them a general
    right to privacy.
  • The U.S. Congress has enacted the Privacy Act of
    1974 and the e-Government Act of 2002, which make
    affirmative demands on federal agencies to
    protect privacy.
  • The U.S. President has issued memoranda
    establishing executive branch policies concerning
    the privacy of personal information in federal
    records.
  • U.S. jurisprudence has in particular
    circumstances provided remedies for violations of
    these privacy interests.

4
PRINCIPLE 2 QUALITY OF INFORMATION
  • EU
  • Personal data generally should be
  • Obtained and processed fairly and lawfully
  • U.S.
  • By law, federal law enforcement agencies may
    obtain such information as may be required to
    carry out their law enforcement functions.
    Regulations of the particular law enforcement
    agencies concerned or agency guidelines provide
    supplemental authority.
  • State and local governments operate analogously.
  • The Privacy Act establishes a code of fair
    information practices which regulates the
    collection, maintenance, use and disclosure of
    personally identifiable information.
  • E-Government Act of 2002 mandates that agencies
    conduct Privacy Impact Assessments (PIAs) of
    certain information technology systems that
    collect identifying information about
    individuals. Each agency must certify that it
    has completed a PIA for such a system in order to
    receive funding for it.

5
  • EU
  • Stored for specified and legitimate purposes
  • Adequate, relevant and not excessive in relation
    to the purposes for which they are stored
  • U.S.
  • The Federal Records Act (44 U.S.C. 2901-2909,
    3101-07) establishes rules for the creation,
    management, preservation and disposal of federal
    records.
  • The Act is designed to assure an accurate and
    complete documentation of the policies and
    transactions of the Federal Government,
    control of the quantity and quality of records
    produced by the Federal Government, and
    judicious preservation and disposal of
    records.
  • The system is for the purpose of protecting both
    government interests, and those of persons
    directly affected by government agency actions.
  • The Privacy Act establishes a code of fair
    information practices which regulates the
    collection, maintenance, use and disclosure of
    personally identifiable information.
  • Special regulations protecting personal privacy
    have been promulgated to address such important
    law enforcement functions as operation of
    criminal intelligence, or background check
    systems.
  • The relevance standard for admitting evidence in
    a criminal or related proceeding under adjudication
    acts as an additional check. The court
    adjudicating a matter may also reject the
    presentation of evidence which, although
    relevant, is excessive.
  • The Privacy Act establishes a code of fair
    information practices which regulates the
    collection, maintenance, use and disclosure of
    personally identifiable information.

6
  • EU
  • Removed when the purpose for which the data was
    stored no longer exists
  • U.S.
  • The Records Disposal Act (44 U.S.C. 3303 et
    seq.) authorizes the National Archivist to
    establish schedules for the destruction of
    records, and requires approval from the U.S.
    Archivist before an agency can discard a record.
  • Specific disposal requirements are set forth in
    regulations, which specify the period for which
    law enforcement records may be retained.

7
PRINCIPLE 3 SPECIAL CATEGORIES
  • EU
  • Personal data must be subjected to appropriate
    special safeguards if it pertains to
  • Health or sexual life
  • U.S.
  • Generally, federal law enforcement may not take
    into account factors such as race, sex, religion,
    or personal feelings about an individual under
    investigation, and federal investigations must be
    conducted with as little intrusion into the
    privacy of individuals as the needs of the
    situation permit.
  • Medical records may be critical to issues such as
    establishing physical injury and identification
    of individuals. Their use is accordingly
    permissible for a range of law enforcement
    purposes.
  • At the same time, law enforcement may not use
    protected health information concerning an
    individual, discovered during the course of
    health oversight activities for unrelated civil,
    administrative, or criminal investigations of a
    non-health oversight matter, against that
    individual except when the balance of relevant
    factors weighs clearly in favor of its use. Such
    use must be authorized at the highest levels of
    the appropriate agency.
  • Regulations set forth in detail the circumstances
    under which patient information in general may be
    gathered and special procedures that must be
    followed in order to ensure the confidentiality
    of patient identifying information.

8
  • EU
  • Personal beliefs
  • Racial origin
  • U.S.
  • U.S. law and practice recognize that this type
    of information provides a potential for abuse.
  • Accordingly, for example, agency guidelines
    prohibit the FBI from initiating investigations
    based on activities protected by the First
    Amendment to the Constitution, which encompasses
    the free expression of ideas, freedom of
    religion, and freedom of association.
  • The U.S. Constitution prohibits singling out
    suspects for prosecution on the basis of race,
    religion or other arbitrary classification.
  • U.S. jurisprudence also, inter alia, clearly
    prohibits law enforcement officials from relying
    on racial origin alone to justify investigative
    stops of suspects.

9
PRINCIPLE 4 SECURITY OF INFORMATION
  • EU
  • Personal data obtained by the government must be
    subjected to appropriate measures to
  • Safeguard its physical integrity
  • U.S.
  • Pursuant to the Federal Records Act (44 U.S.C.
    3105) and supplemental regulations (Title 36
    C.F.R. 1228.150, et seq., 1228.228, and
    Appendix A), information held by federal agencies
    must be stored in accordance with safeguards to
    ensure that the physical integrity of the
    information is maintained, as well as to protect
    against unauthorized access.

10
  • EU
  • Protect against improper disclosure
  • U.S.
  • Concerning disclosure to another government
    agency
  • The United States adheres to a general principle
    that information collected for law enforcement
    purposes should be used only to prevent or
    prosecute criminal offenses.
  • Personal information obtained by one U.S. law
    enforcement agency that appears useful for
    another may generally be used for any matter
    within the receiving agency's jurisdiction.
  • This is important under our federal system so as
    not to unnecessarily hamper federal and state law
    enforcement authorities from cooperating on how
    best to exercise the complementary or concurrent
    law enforcement competencies.
  • The disclosure of certain types of information to
    another agency may in some cases require
    imposition of special conditions (e.g., to ensure
    that the investigation or a witness is not
    endangered).
  • All 50 states have further restrictions based on
    their own privacy laws.

11
  • U.S.
  • Concerning the disclosure of personal information
    to private third parties
  • This issue is generally regulated by the Freedom
    of Information Act (FOIA), which applies to both
    citizens and non-citizens.
  • Specifically exempt from disclosure is
    information collected for law enforcement
    purposes that could reasonably be expected to
    constitute an unwarranted invasion of personal
    privacy.
  • Also exempt is a broad category of medical,
    personnel, and similar information the
    disclosure of which could reasonably be expected
    to constitute an unwarranted invasion of personal
    privacy.
  • FOIA exemptions do not create a blanket
    prohibition on the disclosure of all personal
    information held by an agency. Instead, the
    statute and interpretive jurisprudence establish
    a test for withholding disclosure that balances
    the public's interest in government transparency
    against the privacy interests of the individual
    concerned.

12
PRINCIPLE 5 ADDITIONAL SAFEGUARDS
  • EU
  • In general, under EU principles, a person should
    be entitled to
  • Determine whether the government possesses
    personal data pertaining to him or her
  • U.S.
  • For both citizens and non-citizens, it is the
    FOIA, not the Privacy Act, that governs access to
    information about themselves held by federal law
    enforcement agencies. Indeed, while the Privacy
    Act may appear to give a U.S. citizen or resident
    the right to request access to information about
    him or herself, in fact U.S. law enforcement
    agencies are permitted to exempt and have
    exempted themselves from this provision.
  • The FOIA generally limits the extent to which
    access to records or information compiled for
    law enforcement purposes may be obtained,
    regardless of whether the information pertains to
    oneself or another. Such access is necessarily
    limited for both citizens and non-citizens
    because of the potential for interference with
    legitimate law enforcement investigative
    activities.

13
  • EU
  • Obtain the correction or deletion of incorrect
    personal data
  • Have a remedy for the government's failure to do
    so
  • U.S.
  • U.S. law and practice provide mechanisms to
    correct inaccurate information gathered by law
    enforcement agencies, e.g.
  • With respect to reports to be used by a court in
    determining the proper sentence to impose on a
    convicted person
  • With regard to criminal history information
  • Access (and therefore a right of subsequent
    correction) may be inconsistent with effective
    law enforcement operations, e.g., where an
    investigation is ongoing and therefore not
    available.
  • Where the individual has sought but not obtained
    correction of his records in the circumstances
    described above, remedies under U.S. law include
    fine or administrative action, depending on the
    nature and consequences of the inaccuracy.

14
PRINCIPLE 6 OVERSIGHT
  • EU
  • In the EU, data protection authorities have been
    established to ensure compliance with applicable
    data protection instruments.
  • U.S.
  • The precise type of data protection authorities
    existing in the EU have not been established, but
    analogous mechanisms exist.
  • On July 7, 2004 Congress legislated the creation
    of Chief Privacy Officers in all executive
    departments and the creation of a Civil Liberties
    Protection Officer in the Directorate of National
    Intelligence.
  • A presidential memorandum of 1998 requires each
    federal agency to designate a senior official to
    assume responsibility for policy under the
    Privacy Act, including the institution of a
    thorough review of the agency's record systems
    and practices regarding collection or disclosure
    of personal information.
  • President's Privacy and Civil Liberties Oversight
    Board was created in February, 2007. The Board
    advises the President and other senior executive
    branch officials to ensure that concerns with
    respect to privacy and civil liberties are
    appropriately considered in the implementation of
    all laws, regulations, and executive branch
    policies related to efforts to protect the Nation
    against terrorism. This includes advising on
    whether adequate guidelines, supervision, and
    oversight exist to protect these important legal
    rights.
  • Inspectors General within each federal agency.
    The Office of the Inspector General (OIG) at the
    Department of Justice conducts independent
    investigations, audits, inspections, and special
    reviews of United States Department of Justice
    personnel and programs to detect and deter waste,
    fraud, abuse, and misconduct, and to promote
    integrity, economy, efficiency, and effectiveness
    in Department of Justice operations.
  • Internal Affairs Divisions take appropriate
    action against employees who wrongly disclose
    private information.
  • With regard to the oversight of records
    management systems, U.S. law authorizes the
    administrator of general services or the
    archivist to inspect the records or the records
    management practices and programs of any Federal
    agency for the purpose of making recommendations
    for improving records management practices and
    programs (See 44 U.S.C. 2906(a)(1)).
  • U.S. law provides for a variety of criminal and
    civil sanctions for violations of laws and
    regulations on personal privacy.
  • States have various oversight and control
    mechanisms as well.

15
CONCLUSION
  • In sum, while the means may differ, the EU and
    U.S. both protect the same principles of personal
    privacy.