DOCSLIB.ORG

Bridging the Gaps: a Path Forward to Federal Privacy Legislation 3

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Bridging the Gaps: a Path Forward to Federal Privacy Legislation 3 BRIDGING THE GAPS A path forward to federal privacy legislation By Cameron F. Kerry, John B. Morris, Jr., Caitlin T. Chin, and Nicol E. Turner Lee June 2020 1 Preface espite a promising start in the 116th Congress, These recommendations include federal preemption Dcomprehensive information privacy legislation of conflicting state laws on data collection, process- appears stalled on Capitol Hill. Although key Senate ing, and sharing, as well as a right for individuals to and House leaders on both sides of the aisle have bring lawsuits for statutory violations. They integrate put forward bills that reflect considerable consensus, with our approach to other issues in privacy legis- there has been little movement on a few pivotal and lation, including algorithmic decision-making, civil more polarized issues. rights, and limits on data processing. Our recommen- dations aim to prompt a clearer shift in regulatory To help inform the privacy debate and chart a path paradigm by setting boundaries on how covered forward, this report presents a comprehensive review entities collect, process, and share personal infor- of key legislative proposals and offers detailed policy mation; establishing organizational accountability recommendations with the ultimate goal of filling in mechanisms; and graduating obligations according gaps in U.S. information privacy protections. Taken to the scale of the covered entity, covered data, and in its entirety, this report builds on principles and privacy risks involved. provisions in existing legislative proposals, while tackling some of the more contentious issues. BRIDGING THE GAPS: A PATH FORWARD TO FEDERAL PRIVACY LEGISLATION 3 Table of Contents INTRODUCTION AND EXECUTIVE SUMMARY ................................................................ 4 A. Background ................................................................................ 4 B. Overview of Recommendations ......................................................... 5 C. A Path Forward ............................................................................ 10 D. Methodology ............................................................................... 11 BRIDGING THE GAPS: KEY RECOMMENDATIONS ........................................ 13 PART I – THE ENDGAME ISSUES ............................................................. 15 A. Preemption ................................................................................. 16 B. Private Right of Action .................................................................... 19 PART II – THE HARD ISSUES .................................................................. 26 A. Limits on Processing of Covered Information ......................................... 27 B. Civil Rights ................................................................................. 37 C. Algorithmic Decision-Making ............................................................ 42 PART III – THE SOLVABLE ISSUES ........................................................... 46 A. Covered Entities ........................................................................... 47 B. Data Security ............................................................................... 49 C. Organizational Accountability ............................................................ 51 D. Federal and State Enforcement .......................................................... 54 PART IV – THE IMPLEMENTATION ISSUES ................................................ 62 A. Right to Control ............................................................................ 63 B. Right to Recourse.......................................................................... 65 C. Notice and Transparency ................................................................. 66 D. Title ......................................................................................... 69 E. Legislative Findings ....................................................................... 70 F. Effective Dates ............................................................................. 70 CONCLUSION ..................................................................................... 72 ABOUT THE AUTHORS .......................................................................... 73 ACKNOWLEDGMENTS .......................................................................... 73 ENDNOTES ........................................................................................ 74 4 Introduction and Executive Summary Although there is abiding interest in privacy legis- A. Background lation, member-level energy for bipartisan privacy In November 2019, Senator Maria Cantwell (D-WA) negotiations has largely waned since the introduc- introduced the Consumer Online Privacy Rights Act tion of COPRA and USCDPA. Recently, response to (COPRA) and Senator Roger Wicker (R-MS) released the COVID-19 pandemic has necessarily consumed the draft United States Consumer Data Privacy most of the available bandwidth in Congress. Yet the Act (USCDPA).1 pandemic has raised issues surrounding access to mobility and proximity data, health information, and As we (Kerry) wrote at the time, these two Senate other forms of personal information that may—and 4 Commerce proposals “frame[d] the issues for in some cases may not—be useful for public health. this discussion going into the next session of These are a reminder of the gaps in the U.S. system Congress” and introduced clarity to the broader of privacy protection. privacy debate.2 Shortly after, House Energy and Commerce Committee staffers circulated a “bipar- COPRA and USCDPA are promisingly similar in many tisan staff discussion draft” for comment and, more aspects, with general stakeholder agreement on sev- recently, Senator Jerry Moran (R-KS) introduced the eral significant issues. Even so, many stakeholders Consumer Data Privacy and Security Act (CDPSA).3 have staked out polar all-or-nothing positions on the two issues where Wicker and Cantwell are the furthest apart—federal preemption of state privacy laws, and a right for individuals to bring lawsuits for privacy violations. And so long as these protagonists Our report seeks to unfreeze the remain in their own corners, the broader privacy privacy debate by exploring and debate will be frozen and federal legislation stalled. offering a middle ground. Our report seeks to unfreeze the privacy debate by exploring and offering a middle ground. It proposes solutions on federal preemption and private lawsuits that depart from the maximalist approaches shaping the current debate. The report also articulates some BRIDGING THE GAPS: A PATH FORWARD TO FEDERAL PRIVACY LEGISLATION 5 broad privacy protections that come with legal con- and USCDPA apply baseline, scaled data security sequences but allow flexibility in compliance. standards for all covered entities, an approach we propose to adapt to other provisions. In our policy recommendations, we propose latitude for state laws by preempting them only where they Instead of prescribing specific limits or processes, interfere with federal provisions on data collection, we propose incorporating basic privacy protections processing, transfers, and security—and not alto- into a duty of loyalty and duty of care that all covered gether. Similarly, we suggest that individuals be entities must follow. The duty of loyalty would legally allowed to file private lawsuits in court—but with require covered entities to respect the privacy of substantive and procedural requirements to focus individuals, including by implementing measures for and filter these cases. Because the resolution of data minimization, fairness, and transparency. The these pivotal sticking points—preemption and the duty of care would legally prohibit covered entities private of action—cannot be achieved in isolation from causing foreseeable injuries to individuals, from the substantive requirements in a bill, our report including financial harms, privacy invasions “highly analyzes the full scope of COPRA and USCDPA in offensive to a reasonable person,” and violations of the broader context of a comprehensive approach anti-discrimination laws (See Part II(A) of this report). to protecting information privacy. The goal of this trade-off between flexibility and exposure is to focus attention on risk management and outcomes rather than delineate processes. On the other hand, small and medium entities should B. Overview of be exempt from mechanisms that demand signif- Recommendations icant engineering or personnel, such as the rights of data access, correction, deletion, portability, and our proposed “right to recourse.” Similarly, these GRADUATED APPROACH TO RISK AND organizations should be carved out of a requirement OBLIGATIONS to appoint privacy and security officers. A scaled approach accepts that one size does not fit all when Woven throughout this report is an adaptive reg- it comes to privacy; organizations are diverse and ulatory model that scales privacy and security use data under a wide range of circumstances. obligations according to the covered entity, covered data, and privacy risks involved. As the scale of cov- Another aspect of scaling is graduated effective ered entities increases, the proposed obligations dates of legislation. Unless otherwise provided, pro- become more specific. Federal privacy legislation visions should take effect upon enactment so that should not broadly exclude small businesses; Federal Trade Commission (FTC) authorities imme- rather, all covered entities should be
Load more

Recommended publications
  • Privacy and Publicity: the Two Facets of Personality Rights
    Privacy and publicity Privacy and publicity: the two facets of personality rights hyperbole. In this context, personality In this age of endorsements and rights encompass the “right of privacy”, tabloid gossip, famous people which prohibits undue interference in need to protect their rights and a person’s private life. In addition to coverage in the media, reputations. With a growing number images of celebrities adorn anything from of reported personality rights cases, t-shirts, watches and bags to coffee mugs. India must move to develop its This is because once a person becomes legal framework governing the famous, the goods and services that he or commercial exploitation of celebrity she chooses to endorse are perceived to reflect his or her own personal values. By Bisman Kaur and Gunjan Chauhan, A loyal fan base is a captive market for Remfry & Sagar such goods, thereby allowing celebrities to cash in on their efforts in building up Introduction a popular persona. Intellectual property in India is no longer Unfortunately, a large fan base is a niche field of law. Stories detailing also seen by unscrupulous people as an trademark infringement and discussing opportunity to bring out products or the grant of geographical indications services that imply endorsement by an routinely make their way into the daily individual, when in fact there is no such news headlines. From conventional association. In such cases the individual’s categories of protection such as patents, “right of publicity” is called into play. trademarks, designs and copyright, IP laws The right of publicity extends to every have been developed, often by judicial individual, not just those who are famous, innovation, to encompass new roles and but as a practical matter its application areas of protection.
    [Show full text]
  • Image Is Everything Lowenstein Sandler’S Matthew Savare Gives a Comparative Examination of Publicity Rights in the US and Western Europe
    Publicity rights Image is everything Lowenstein Sandler’s Matthew Savare gives a comparative examination of publicity rights in the US and western Europe Comedian Steven Wright once joked, “It’s a small world, but I the person’s identity has “commercial value” versus only 10 years for wouldn’t want to paint it”. Over the last decade, the proliferation those whose identity does not. of digital technologies has not made the world smaller or easier to • Remedies – the remedies available to plaintiffs also vary from state paint, but it has significantly hastened the globalisation of content. This to state. For example, New York’s statute provides for injunctions, transformation, coupled with the developed world’s insatiable fascination compensatory damages, and discretionary punitive damages. Ohio’s with fame, has spurred the hyper commoditisation of celebrity. statute, which offers the most remedies of any state statute, permits Despite the universality of celebrity, the laws governing the injunctions; a choice of either actual damages, “including any commercial exploitation of one’s name, image, and likeness differ profits derived from and attributable to the unauthorised use of an widely between the US and the nations of western Europe. In light individual’s persona for a commercial purpose” or statutory damages of the increased trafficking in celebrity personas between the two between $2,500 and $10,000; punitive damages; treble damages continents, a brief comparative analysis is warranted. if the defendant has “knowledge of the unauthorised use of the persona”; and attorney’s fees. A primer on US right of publicity law Courts have used primarily three methodologies or some The right of publicity is the “inherent right of every human being to combination thereof to value compensatory damages.
    [Show full text]
  • Much Ado About Newsgathering: Personal Privacy, Law Enforcement, and the Law of Unintended Consequences for Anti-Paparazzi Legislation
    MUCH ADO ABOUT NEWSGATHERING: PERSONAL PRIVACY, LAW ENFORCEMENT, AND THE LAW OF UNINTENDED CONSEQUENCES FOR ANTI-PAPARAZZI LEGISLATION ANDREW D. MORTONt Experience should teach us to be most on our guard to protect liberty when the Government's purposes are beneficent. Men born to freedom are naturally alert to repel invasion of their liberty by evil-minded rulers. The greatest dan- gers to liberty lurk in insidiousI encroachment by men of zeal, well-meaning but without understanding. INTRODUCTION: BALANCING THE INDIVIDUAL RIGHT TO PRIVACY WITH LEGITIMATE LAW ENFORCEMENT SURVEILLANCE Horror, not humor, brought actors Michael J. Fox and Paul Reiser to testify before a hearing of the United States House Judiciary Committee last summer.2 Fox described the "mercenary tactics of tabloid photographers" who turned his wedding into a "nightmare" as helicopters recklessly jock- eyed for position above the ceremony, then "fired away with high-powered cameras" on the couple's honeymoon suite.3 When Reiser's son was born prematurely, disguised journalists infiltrated the hospital with hidden cam- eras to steal a photo of the infant, and after returning home, the child was photographed in the privacy of the family's backyard by "resourceful" jour- t B.A. 1991, M.P.P. Candidate 2000, University of Maryland; J.D. Candidate 2000, Uni- versity of Pennsylvania. This Comment is dedicated to the memory of Alan Rubinstein- gifted attorney, and the father-in-law I have known only through the many whose lives he touched. I am deeply indebted to Ed Pease, Diana Schacht, the staff and members of the U.S.
    [Show full text]
  • Privacy and the Limits of Law
    The Yale Law Journal Volume 89, Number 3, January 1980 Privacy and the Limits of Law Ruth Gavisont Anyone who studies the law of privacy today may well feel a sense of uneasiness. On one hand, there are popular demands for increased protection of privacy, discussions of new threats to privacy, and an intensified interest in the relationship between privacy and other values, such as liberty, autonomy, and mental health.' These demands have generated a variety of legal responses. Most states recognize a cause of action for invasions of privacy.2 The Supreme Court has declared a constitutional right to privacy, a right broad enough to protect abortion and the use of contraceptives. 3 Congress enacted the Privacy Act of 19744 after long hearings and debate. These activities 5 t Visiting Associate Professor of Law, Yale Law School. This Article develops some of the themes of my doctoral thesis, Privacy and Its Legal Protection, written under the supervision of Professor H.L.A. Hart. Much of the inspiration of this piece is still his. I am grateful to Bruce Ackerman, Bob Cover, Owen Fiss, George Fletcher, Harry Frank- furt, Jack Getman, Tony Kronman, Arthur Leff, Michael Moore, and Barbara Underwood, who read previous drafts and made many useful comments. I. The best general treatment of privacy is still A. WEsTIN, PRIVACY AND FREEDOm (1967). For treatment of a variety of privacy aspects, see NoMos XIII, PRIVACY (R. Pen- nock & J. Chapman eds. 1971) (Yearbook of the American Society for Political and Legal Philosophy) [hereinafter cited as Nomos]. 2. W. PROSSER, THE LAW OF TORTS 804 (4th ed.
    [Show full text]
  • Defamation and the Right of Privacy
    Vanderbilt Law Review Volume 15 Issue 4 Issue 4 - October 1962 Article 4 10-1962 Defamation and the Right of Privacy John W. Wade, Dean Vanderbilt Law School Follow this and additional works at: https://scholarship.law.vanderbilt.edu/vlr Part of the Privacy Law Commons, and the Torts Commons Recommended Citation John W. Wade, Dean, Defamation and the Right of Privacy, 15 Vanderbilt Law Review 1093 (1962) Available at: https://scholarship.law.vanderbilt.edu/vlr/vol15/iss4/4 This Article is brought to you for free and open access by Scholarship@Vanderbilt Law. It has been accepted for inclusion in Vanderbilt Law Review by an authorized editor of Scholarship@Vanderbilt Law. For more information, please contact [email protected]. Defamation and the Right of Privacy JOHN W. WADE* In this article Dean Wade discusses the scope of the tort of un- warranted invasion of the right of privacy, comparing and contrasting it with the tort of defamation. He observes that the action for invasion of the right of privacy may come to supplant the action for defamation and that this development should be welcomed by the courts and writers. Finally, he concludes that the whole law of privacy may someday be- come a part of the larger, more comprehensive tort of intentional in- fliction of mental suffering. I. INTRODUOTMON The history of the two torts of defamation and unwarranted invasion of the right of privacy has been greatly different. Defamation developed over a period of many centuries, with the twin torts of libel and slander having completely separate origins and historical growth.
    [Show full text]
  • Three Milestones in the History of Privacy in the United States
    Three Milestones in the History of Privacy in the United States Vernon Valentine Palmer* I. INTRODUCTION ................................................................................... 67 II. A FIRST MILESTONE: WARREN AND BRANDEIS’S INVENTION OF PRIVACY ........................................................................................ 70 A. Intervening Years 1890-1970 ............................................. 79 III. A SECOND MILESTONE: PROSSER’S REFORMULATION OF PRIVACY ............................................................................................. 82 A. Prosser’s Methodology Revisited ....................................... 85 B. Finding Order, Losing Sight of Privacy ............................. 89 C. The Four Privacies Enter American Common Law ........... 91 IV. THE THIRD MILESTONE: THE CONSTITUTIONAL TRANSFORMATION OF LIBERTY INTO PRIVACY ................................. 93 V. CONCLUSION ...................................................................................... 97 I. INTRODUCTION The subject of privacy rights fits somewhere within the far broader subject of personality rights. Personality rights of course are numerous and diffuse. As Jean Dabin defined them, they are “rights whose subject is the component elements of the personality considered in its manifold aspects, physical and moral, individual and social.”1 They may be classified by general headings under which related interests are grouped together. On the Continent and in countries where a general theory of personality rights has
    [Show full text]
  • The Safeguards of Privacy Federalism
    THE SAFEGUARDS OF PRIVACY FEDERALISM BILYANA PETKOVA∗ ABSTRACT The conventional wisdom is that neither federal oversight nor fragmentation can save data privacy any more. I argue that in fact federalism promotes privacy protections in the long run. Three arguments support my claim. First, in the data privacy domain, frontrunner states in federated systems promote races to the top but not to the bottom. Second, decentralization provides regulatory backstops that the federal lawmaker can capitalize on. Finally, some of the higher standards adopted in some of the states can, and in certain cases already do, convince major interstate industry players to embed data privacy regulation in their business models. TABLE OF CONTENTS I. INTRODUCTION: US PRIVACY LAW STILL AT A CROSSROADS ..................................................... 2 II. WHAT PRIVACY CAN LEARN FROM FEDERALISM AND FEDERALISM FROM PRIVACY .......... 8 III. THE SAFEGUARDS OF PRIVACY FEDERALISM IN THE US AND THE EU ............................... 18 1. The Role of State Legislatures in Consumer Privacy in the US ....................... 18 2. The Role of State Attorneys General for Consumer Privacy in the US ......... 28 3. Law Enforcement and the Role of State Courts in the US .................................. 33 4. The Role of National Legislatures and Data Protection Authorities in the EU…….. .............................................................................................................................................. 45 5. The Role of the National Highest Courts
    [Show full text]
  • A Model Regime of Privacy Protection
    GW Law Faculty Publications & Other Works Faculty Scholarship 2006 A Model Regime of Privacy Protection Daniel J. Solove George Washington University Law School, [email protected] Follow this and additional works at: https://scholarship.law.gwu.edu/faculty_publications Part of the Law Commons Recommended Citation Daniel J. Solove & Chris Jay Hoofnagle, A Model Regime of Privacy Protection, 2006 U. Ill. L. Rev. 357 (2006). This Article is brought to you for free and open access by the Faculty Scholarship at Scholarly Commons. It has been accepted for inclusion in GW Law Faculty Publications & Other Works by an authorized administrator of Scholarly Commons. For more information, please contact [email protected]. SOLOVE.DOC 2/2/2006 4:27:56 PM A MODEL REGIME OF PRIVACY PROTECTION Daniel J. Solove* Chris Jay Hoofnagle** A series of major security breaches at companies with sensitive personal information has sparked significant attention to the prob- lems with privacy protection in the United States. Currently, the pri- vacy protections in the United States are riddled with gaps and weak spots. Although most industrialized nations have comprehensive data protection laws, the United States has maintained a sectoral approach where certain industries are covered and others are not. In particular, emerging companies known as “commercial data brokers” have fre- quently slipped through the cracks of U.S. privacy law. In this article, the authors propose a Model Privacy Regime to address the problems in the privacy protection in the United States, with a particular focus on commercial data brokers. Since the United States is unlikely to shift radically from its sectoral approach to a comprehensive data protection regime, the Model Regime aims to patch up the holes in ex- isting privacy regulation and improve and extend it.
    [Show full text]
  • A Framework for Preemption Analysis
    A Framework for Preemption Analysis The decisions of the Supreme Court in cases involving preemption of state law by federal statutes have often produced considerable con- fusion' and criticism. 2 This Note argues that those decisions can be rationalized according to the protection afforded by the state law in question. Laws that protect the people inside state borders from physical injury have received the greatest deference from the Court. Laws that protect the people inside state borders from other dangers have received less deference. State laws that purport to protect people mostly outside state borders have received little deference. Recogni- tion of these categories, as they are set out in this Note, can assist courts as they deal with future preemption cases. I. Categories for Preemption Analysis It is useful to distinguish four possible relationships between na- tional and state laws, which may conveniently be called "express pre- emption," "express saving," "prohibition of dutiful conduct," and "hindrance." Express preemption and express saving are direct rela- tionships between national and state law. Express preemption occurs when a national statute expressly forbids state regulation of a certain type or expressly requires that national regulation be exclusive. Ex- press saving is present when a national statute expressly forbids courts to preempt state laws. Prohibition of dutiful conduct and hindrance are indirect relationships, which involve more complex interactions between state and national law. Prohibition of dutiful conduct is present when state law requires someone to breach duties imposed by national law. Hindrance occurs when state law interferes with op- portunities created by national law, or with the performance of federal duties.
    [Show full text]
  • The Federal Trade Commission and Consumer Privacy in the Coming Decade
    University of Pennsylvania ScholarlyCommons Departmental Papers (ASC) Annenberg School for Communication 2007 The Federal Trade Commission and Consumer Privacy in the Coming Decade Joseph Turow University of Pennsylvania, [email protected] Chris Hoofnagle UC Berkeley School of Law, Berkeley Center for Law and Technology Deirdre K. Mlligan Samuelson Law, Technology & Public Policy Clinic and the Clinical Program at the Boalt Hall School of Law Nathaniel Good School of Information at the University of California, Berkeley Jens Grossklags School of Information at the University of California, Berkeley Follow this and additional works at: https://repository.upenn.edu/asc_papers Part of the Communication Commons Recommended Citation (OVERRIDE) Turow, J., Hoofnagle, C., Mulligan, D., Good, N., and Grossklags, J. (2007-08). The Federal Trade Commission and Consumer Privacy in the Coming Decade, I/S: A Journal Of Law And Policy For The Information Society, 724-749. This article originally appeared as a paper presented under the same title at the Federal Trade Commission Tech- ade Workshop on November 8, 2006. The version published here contains additional information collected during a 2007 survey. This paper is posted at ScholarlyCommons. https://repository.upenn.edu/asc_papers/520 For more information, please contact [email protected]. The Federal Trade Commission and Consumer Privacy in the Coming Decade Abstract The large majority of consumers believe that the term “privacy policy” describes a baseline level of information practices that protect their privacy. In short, “privacy,” like “free” before it, has taken on a normative meaning in the marketplace. When consumers see the term “privacy policy,” they believe that their personal information will be protected in specific ways; in particular, they assume that a website that advertises a privacy policy will not share their personal information.
    [Show full text]
  • Preemption Under the Controlled Substances Act Robert A
    Journal of Health Care Law and Policy Volume 16 | Issue 1 Article 2 Preemption Under the Controlled Substances Act Robert A. Mikos Follow this and additional works at: http://digitalcommons.law.umaryland.edu/jhclp Part of the Health Law Commons, Policy Design, Analysis, and Evaluation Commons, Public Policy Commons, and the State and Local Government Law Commons Recommended Citation Robert A. Mikos, Preemption Under the Controlled Substances Act, 16 J. Health Care L. & Pol'y 5 (2013). Available at: http://digitalcommons.law.umaryland.edu/jhclp/vol16/iss1/2 This Conference is brought to you for free and open access by DigitalCommons@UM Carey Law. It has been accepted for inclusion in Journal of Health Care Law and Policy by an authorized administrator of DigitalCommons@UM Carey Law. For more information, please contact [email protected]. PREEMPTION UNDER THE CONTROLLED SUBSTANCES ACT ROBERT A. MIKOS States are conducting bold experiments with marijuana law. Since 1996, eighteen states and the District of Columbia have legalized the drug for medical purposes, and two of them have legalized it for recreational purposes as well.1 These states have also promulgated a growing body of civil regulations to replace prohibition. The regulations cover nearly every facet of the marijuana market. Colorado, for example, has adopted more than seventy pages of regulations governing just the distribution of medical marijuana.2 Among many other things, Colorado‘s regulations require medical marijuana vendors to apply for a special Copyright © 2013 by Robert A. Mikos. Professor of Law and Director of the Program in Law & Government, Vanderbilt University Law School.
    [Show full text]
  • Recommendations for Businesses and Policymakers Ftc Report March 2012
    RECOMMENDATIONS FOR BUSINESSES AND POLICYMAKERS FTC REPORT FEDERAL TRADE COMMISSION | MARCH 2012 RECOMMENDATIONS FOR BUSINESSES AND POLICYMAKERS FTC REPORT MARCH 2012 CONTENTS Executive Summary . i Final FTC Privacy Framework and Implementation Recommendations . vii I . Introduction . 1 II . Background . 2 A. FTC Roundtables and Preliminary Staff Report .......................................2 B. Department of Commerce Privacy Initiatives .........................................3 C. Legislative Proposals and Efforts by Stakeholders ......................................4 1. Do Not Track ..............................................................4 2. Other Privacy Initiatives ......................................................5 III . Main Themes From Commenters . 7 A. Articulation of Privacy Harms ....................................................7 B. Global Interoperability ..........................................................9 C. Legislation to Augment Self-Regulatory Efforts ......................................11 IV . Privacy Framework . 15 A. Scope ......................................................................15 1. Companies Should Comply with the Framework Unless They Handle Only Limited Amounts of Non-Sensitive Data that is Not Shared with Third Parties. .................15 2. The Framework Sets Forth Best Practices and Can Work in Tandem with Existing Privacy and Security Statutes. .................................................16 3. The Framework Applies to Offline As Well As Online Data. .........................17
    [Show full text]