Check into a hospital and provide your information to the registrar and your personal data is ideally protected by the Health Insurance Portability and Accountability Act (HIPAA). When you open a bank account, your information is protected by the Gramm–Leach–Bliley Act (GLBA). For the handling of the data contained in your credit report, the standard is the Fair and Accurate Credit Transactions Act (FACTA). On the first day of your job, when you have to present documentation that states you are you, the standard that is designed to protect you is the Data Protection Act … if you lived in the United Kingdom. Congratulations, United Kingdom, on a job well done. In the United States, however, there is no master, comprehensive federal legislation regulating the collection and use of personal identity data, and therefore no data management standard practice for Human Resource managers to follow as a guideline when collecting employee identity information. What does the U.S. have? Essentially, we have a disparate national system of federal and state laws and regulations that, if we are lucky, overlap one another to provide some level of security for new hire identity data.

The U.S. does have the Privacy Act of 1975 that protects your data when it is collected and stored in repositories managed by the Department of Justice. The Privacy Act, in its 41st year of existence, is certainly outdated, but it does provide some foundation of a guideline for the use of your data. Most notably, the Act stipulates the DOJ needs your permission to send your data to any other agency. This is known as the "No Disclosure Without Consent" rule, a standard in wide use throughout the commercial sector but does not, by any means, constitute a standard.

In fact, the DOJ states clearly on its website, www.justice.gov, that the Privacy Act merely established the U.S. Privacy Protection Study Commission to evaluate and report on recommendations for improving collection, maintenance, use, and dissemination of personal information…the way it was handled in 1975. True, there were IBM mainframes in 1975 that were capable of 10 million instructions per second, or MIPS, but the price per MIPS was around $1 million, undoubtedly dictating the widespread use of paper and file cabinets as the go-to repositories for personal information.

The Privacy Act appears to have been passed in the 11th hour of the 93rd Congress with little fanfare. No conference committee was convened for debate and the Act was quickly passed by both the House and Senate. Seems the chances of someone breaking into the DOJ and stealing personal information were next to nil. Otherwise, more attention and debate would have been put forth. Congress did pass the Identity Theft and Assumption Deterrence Act in 1998, but this legislation was created, for the most part, to identify a new type of theft (electronic as felony) and also established penalties for the crime. Again, another Act that issued no guidelines for managing data to ensure personal identity security, just the crime definition and its penalty.

Over the years, the Federal Trade Commission (FTC) has stepped up and become the de facto enforcer of best practice data management to ensure the commercial sector keeps employee/user data secure. In 2012, the FTC issued the first report offering best practices for businesses to protect consumer privacy, and on ftc.gov there are a multitude of press releases on their involvement with privacy interests of consumers. In one particular release dated May 23, 2014, the Agency announced that it authorized staff of the FTC's Bureau of Consumer Protection to oversee the bankruptcy proceedings of
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 3