IT 801 – INFORMATION LAW & POLICY
Class #1 (September 5, 2002) – INTRODUCTION: In this session, we will explore the various definitions and concepts of “information.” We will discuss the history and development of information policy in the United States and examine the regulatory mechanisms and applicable statutes. In addition, we will begin an ongoing analysis of "informational privacy"-- an individual's right to control his or her personal information held by others.
Class #2 (September 12, 2002) – ACCESS TO INFORMATION ABOUT THE GOVERNMENT: This session will focus on information about the government. Among the topics that will be addressed are public records and Federal and state Open Meetings Acts, Freedom of Information Acts and the federal Privacy Act.
1. John J. LaFalce, A Balancing of Values After the Terrorist Attacks, The Hill S5 (Oct. 17, 2001).
2. Reporters Committee for Freedom of the Press, Homefront Confidential, 2d Edition (September 2002) <http://www.rcfp.org/homefrontconfidential> (accessed Sept. 5, 2002).
3. Federal Consumer Information Center, Freedom of Information and Privacy Acts: A Brief Primer, <http://www. pueblo.gsa.gov > (accessed January 28, 2002).
4. 2001 Freedom of Information Act Policy, http://www.usdoj.gov:80/oip/foiapost/2001foiapost19.htm> (accessed January 10, 2002).
5. 1993 Freedom of Information Act Policy, <http://www.fas.org/sgp/clinton/reno.html> (Accessed January 10, 2002).
6. Freedom of Information Act, 5 U.S.C. § 552 (1996).
7. The Privacy Act of 1974, 5 U.S.C. § 552A (2001).
8. ACLU Demands DoJ Unveil Surveillance Data, United Press International (Aug. 21, 2002).
9. Appeals Court Rules Against Closed Sept. 11 Hearings, Washingtonpost.com (Aug. 26, 2002) <http://www.washingtonpost.com/wp-dyn/articles/A62949-2002Aug26.html> (accessed Sept. 5, 2002).
10. Detroit Free Press v. Ashcroft, 2002 U.S. App. LEXIS 17646; 2002 FED App. 0291P (6th Cir. 2002).
11. D.O.J. v. RCFP, 489 U.S. 749 (1989).
12. Public Citizen v. F.A.A., 988 F.2d 186 (DC Cir. 1993).
13. Phillippi v. C.I.A., 655 F. 2d 1325 (DC Cir. 1981).
14. Reporters Committee for Freedom of the Press, Major FOIA Cases, <http://www.rcfp.org/foiact/appf.html> (Accessed January 10, 2002).
Access to Government Information -- please browse the following sites for additional information about federal and state laws:
Federal Freedom of Information Act:
Open Meetings Act: http://www.usdoj.gov/foia/gisastat.htm
Privacy Act: http://www4.law.cornell.edu/uscode/5/552a.html
State Laws: http://www.nfoic.org/web/index.htm
Class #3 (September 26, 2002) – INFORMATION THE GOVERNMENT HAS ABOUT INDIVIDUALS/PUBLIC INFORMATION/PUBLIC RECORDS: Here, we will explore information about individuals that is collected, maintained and used by the government.
1. Ellen Sorokin, We Are Safer Than We Were a Year Ago, The Washington Times, A20 (Sept. 11, 2002).
2. * Please browse this site. It contains a lot of information about various government surveillance techniques and laws. Government Surveillance Web Site , Center for Democracy & Technology, <http://www.cdt.org/wiretap/> (accessed September 12, 2002).
3. Julia Scheeres, How Changed Laws Changed U.S., Wired News (Sept. 11, 2002) <http://www.wired.com/news/print/0,1294,55065,00.html> (accessed Sept. 11, 2002).
4. Brad Smith, Critics Alarmed Over Post-9/11 Crackdown, The Tampa Tribune, Nation/World 12 (Sept. 2, 2002).
5. Patricia Cohen, 9/11 Law Means More Snooping? Or Maybe Less, The New York Times, B9 (Sept. 9, 2002).
6. * Please take a look at the text of the USA Patriot Act (particularly Title II § 212) which can be found at http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_bills&docid=f:h3162enr.txt.pdf (accessed Sept, 10, 2002).
9. * Please browse the Department of Homeland Security’s Web Site at <http://www.whitehouse.gov/deptofhomeland/> (accessed Sept. 12, 2002).
10. Access to Police Records Under the Illinois Freedom of Information Act, The Reporters Committee for Freedom of the Press, Tapping Officials Secrets (4th Edition, 2001), <http://www.reporterscommittee.org/tapping2001/index.cgi?key=IL > (Accessed February 4, 2002).
11. Illinois Uniform Conviction Information Act, 20 ILCS 2635/1 et seq. The statute and a short summary is available at <http://www.state.il.us/isp/ucia001.html>.
12. Illinois “Megan’s Law” – Sex Offender Registration and Community Notification Act, 730 ILCS 152. A summary of the law and a number of good links can be found at <http://www.klaaskids.org/st-ill.htm> (accessed Sept. 12, 2002) (home page text included).
13. Illinois v. Malchow, 739 N.E. 2d 433 (Il. 2000).
14. * Please browse the statutes at:
15. National ID Cards Web Site, Electronic Privacy Information Center, <http://www.epic.org/privacy/id_cards/> (accessed Sept. 12, 2002) (home page text included, you may wish to browse this site for additional information and links).
16. Fred Barnes, Let’s See Some ID Please, The Weekly Standard (Sept. 9, 2002).
17. Kate Corrigan, Driver’s License Security Issues, Testimony Before the House Transportation and Infrastructure Highways and Transit Subcommittee (Sept. 5, 2002).
18. Reno v. Condon, 528 U.S. 141 (2000).
19. Anne W. Branscomb, Who Really Owns Public Information? Lecture, University of Pittsburgh, (October 16, 1996), <http://www.sis.pitt.edu/~slishtml/deans/lecture.htmll> (accessed August 29, 2001).
Class #4 (October 3, 2002) – INFORMATION THE PRIVATE SECTOR HAS ABOUT INDIVIDUALS: This class will focus on the impact of technology on information exchange, transactions and security. We will discuss methods of collecting information including voluntary disclosure, transactional trails, and physical trails. We will also delve into the balancing of interests: information as a commodity v. personal privacy. We will also look at the regulatory mechanisms (government and industry self-regulation) used to protect consumer’s personal information.
1. Paul H. Rubin and Thomas M. Lenard, Privacy and the Commercial Use of Information, Executive Summary, Kluwer Academic Publishers July 2001.
2. Committee Approves Online Privacy Protection Act, S. 2201, Sen. Ernest F. Hollings Press Release, May 17, 2002.
3. S.2201 Online Personal Privacy Act, Bill Summary & Status, <http://thomas.loc.gov> (acccessed Sept. 25, 2002). Also, Please browse the full text of this bill.
4. * ASSIGNMENT: Find an article or Web site that either supports or criticizes the Online Personal Privacy Protection Act (S.2201). Be prepared to discuss this item in class.
5. John Schwartz, Giving Web a Memory Cost its Users Privacy, New York Times, Tuesday Sept. 4, 2001 at A,1-2.
6. * Please browse http://www.doubleclick.com.
7. Will Rodger, Activists Charge DoubleClick Double Cross: Web users have lost privacy with the drop of a cookie, they say. <USAToday.com> (Accessed Feb. 8, 2002).
8. In Re: DoubleClick Inc., Compliant and Request for Injunction, Request for Investigation and for Other Relief. Before the Federal Trade Commission.
9. Keith Perine and Ben Hammer, FTC Clears DoubleClick, The Industry Standard, Jan. 22, 2001, <http:www.thestandard.com/article/0,1902,21584,00.html> (accessed Feb. 12, 2002).
10. In Re: DoubleClick Inc. Privacy Litigation, 154 F.Supp.2d 497 (S.D.N.Y., 2001).
11. Microsoft Settles FTC Charges Alleging False Security and Privacy Promises, Federal Trade Commission Press Release, August 8, 2002.
12. In Re: Microsoft Corporation, Complaint and Request for Injunction, Request for Investigation and for Other Relief. Before the Federal Trade Commission.
13. In Re: Microsoft Corporation, Agreement Containing Consent Order, Federal Trade Commission.
14. John Borland, Wireless phone tracking plans raise privacy hackles, Cnet News.com Nov. 10, 2000, <http://www.news.cnet.com/news/0-1004-200-3624256.html?tag=prntfr> (Accessed Feb. 8, 2002).
15. Bob Tedeschi, Privacy vs. Profits – It doesn’t have to be a trade-off. New technologies let you earn customers’ trust and their business; Smart Business for the New Economy, Oct. 1, 2001 at 56.
16. * Please browse http://www.ftc.gov/privacy/index.html.
Class #5 (October 10, 2002) – FINANCIAL INFORMATION: Here, we will look at permitted uses and disclosures of an individual’s financial information. We will analyze the FCRA, GLB, and other regulations and public v. private sector access to an individual’s financial information. We will also examine how post-911 regulations and policies affect the confidentiality of financial information.
Please be familiar with the following statutes:
In 1978, Congress passed the Right to Financial Privacy Act (RFPA) 12 U.S.C. 3401 et seq., providing some confidentiality to the financial records of depositors by governing the transfer of financial records. In general, banks are prohibited from disclosing client payment information to the government without a court order, however, the law does have a number of important exceptions. The full text of this statute can be found at http://www4.law.cornell.edu/uscode/12/ch35.html .
31 U.S.C. 5311-5355 is designed to aid the federal government in detecting illegal activity through tracking certain monetary transactions. It requires financial institutions to file reports of currency transactions conducted in amounts over $10,000; requires record keeping on beneficiaries and originators of funds transfers in amounts over $3,000; requires information gathering and record keeping on sales of monetary equivalents (money orders, cashier's checks, traveler's checks) in amounts between $3,000 and $10,000 and establishes certain exemptions to the currency transaction reporting requirements.
The Electronic Funds Transfer Act of 1978, 15 U.S.C. 1693 - 1693r, establishes "mandatory guidelines for the relationship between consumers and financial institutions in connection with electronic fund transactions." The primary objective is the provision of individual consumer rights.
In 1970, Congress enacted the Fair Credit Reporting Act (FCRA), 15 U.S.C. 1681, broadly regulating the consumer reporting agency in the interest of protecting the confidentiality and privacy rights of the consumer. The FCRA requires credit investigations and reporting agencies to make their records available to the subjects of the records, provides procedures for correcting information and permits disclosure only to authorized customers. Full text at http://www.ftc.gov/os/statutes/fcra.htm.
In 1996, Congress passed the Consumer Credit Reporting Reform Act, 15 U.S.C. 1681-1681t (1997), to help close some of the loopholes found in the FCRA. The Act narrowed the broad "legitimate need" purpose for which credit reports could be disseminated. Consumer credit reports may now be furnished for employment purposes only if the employer certifies that the employee has consented in writing.
15 U.S.C. 6809. This act regulates the disclosure of nonpublic personal information by financial institutions. Gramm-Leach-Bliley prohibits the distribution of account numbers to telemarketers and requires financial institutions to disclose their privacy policies and to provide consumers with the option of opting out of disclosure to unaffiliated third parties. Additionally, all financial institutions must disclose annually to all customers its policies and procedures for protecting customers' nonpublic personal information, including its policies and practices regarding the disclosure of information to both unaffiliated third parties and affiliated entities. Federal and state regulators are required to create rules protecting a consumer’s confidential financial information. Companies subject to this Act must be in compliance by July 1, 2001.
The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (“Patriot Act”), enacted on October 26, 2001 in response to the terrorist attack of September 11, 2001, affected 184 individual federal statutes (including a number governing disclosure of financial information). Congress states at the beginning of the Patriot Act that the intended effect of this legislation is to “deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigatory tools, and for other purposes.”
1. Jonathan Nicholson, Anti-terrorism Bill Stirs Criticism, The San Diego Union-Tribune, Feb. 11, 2002 at A2.
2. Heather Timmons, Freeze Assets Now, Ask Questions Later, Business Week , Oct. 15, 2001 at 98.
3. Rick Whiting, Making Privacy Work, Information Week, , Aug. 19, 2002.
5. Federal Trade Commission, Trans Union's Sale of Personal Credit Information Violates Fair Credit Reporting Act, FTC Rules, FTC Press Release, March 1, 2000 , <http://www.ftc.gov/opa/2000/03/transunion.htm> (accessed February 18, 2002).
8. Class Alleges Citigroup Illegally Obtained Credit Reports, 5 Consumer Financial Services Report 9 (Oct. 15, 2001).
9. Remsburg v. Docusearch, 2002 DNH 80, 2002 U.S. Dist. LEXIS 6231 (DNH, Apr. 2, 2002).
10. * Credit Scores. Please browse http://www.myfico.com - especially the link “How to Get a Better Score,” (accessed Oct. 2, 2002).
11. Privacy Rights Clearinghouse, Protecting Financial Privacy in the New Millennium: The Burden Is on You,<http://www.privacyrights.org/fs/fs24-finpriv.htm> (accessed Oct. 18, 2001).
For additional informtaion about GLB, please browse:
EPIC’s GLB Page (http://www.epic.org/privacy/glba/)
· Comments to Department of Treasury on GLB. PDF file: http://www.epic.org/privacy/financial/glb_comments.pdf
Direct Marketing Association FAQ’s on GLB (http://www.the-dma.org/government/grammleachblileyact.shtml)
<http://www.siliconvalley.com/docs/news/svfront/018507.htm> (accessed Feb. 12, 2002).
5. Americans Oppose National Health Record Database, Health Management Technology, Feb. 2001 at 7.
7. * Please browse the Health Privacy Project’s Web site at http://www.healthprivacy.org/.
8. Larri Short, Unlocking the Secrets of the New Privacy Rule, Occupational Hazards at 5, (Sept. 1, 2002.
9. Dave Addis, Medical Privacy Law Could Skew Pro Sports, Virginian Pilot at B1, June 21, 2002.
GENETIC PRIVACY, DNA, GENOME PROJECT:
Some very good supplemental information about the Human Genome Project can be found at the Lawrence Berkley National Laboratory’s site at http://www.lbl.gov/Publications/TKO/.
14. Attention Shoppers: Special Today -- Iceland's DNA,
15. Stephanie Overby, Iceland’s Dilemma: Privacy vs. Progress, CIO Magazine, Jul. 15, 2001.
16. Executive Order 13145 To Prohibit Discrimination In Federal Employment Based On Genetic Information.
18. John Simons, Greed Meets Terror; Can biometric systems foil terrorists? Probably not--but try telling that to Wall Street. Fortune, October 29, 2001 at 145
19. Cathy Booth Thomas, Who Goes There?; New security technologies are helping companies control whom--and what--they let in, Time, Oct. 29, 2001 at B20.
20. Special Report; Biometrics; The It Department Wants Your Body, Computing, Oct. 11, 2001 at 61.
21. * Please browse this site: ... 12 Ways To Use Your Body As Your Password. <http://www.zdnet.com/pcmag/features/biometrics/index.html>.
22. Robert O’Harrow, Jr., Intricate Screening of Fliers in Works, Washington Post, Feb. 1, 2002 at A1.
24. * Please read this online article and browse the site: Brian Matross, Online Data Profiling and Internet Privacy Regulation - The Debate Continues. http://www.internetlawjournal.com/content/ecomheadline09040101.htm.
25. * Please browse this site: Biographical Profiling Project, <http://www.proresearchgroup.com/> (accessed feb. 26, 2002).
Class #7 (October 31, 2002) – DATAMINING/TARGET MARKETING/USE AND ABUSE OF CUSTOMER LISTS: In this session, we will take a cost/benefit approach as we investigate the collection, manipulation and distribution (buying, selling and trading) of consumer information. Student presentations will continue.
1. John Montana, Data Mining: A Slippery Slope, Information Management Journal, Oct. 1, 2001 at 50.
5. Robert O’Harrow Jr., Air Safety Check Would Reveal Your Private Life, Orlando Sentinel, A1 (Feb. 1, 2002).
Please pay special attention to the DMA’s privacy policies at
and its Electronic Media Survey at
10. W.A. Lee, Ruling May Reduce Threat of Privacy Penalties, The American Banker, 7 (Oct. 8, 2002).
CUSTOMER LISTS/CASE STUDY:
16. James Dillon, et al, Top Strategies for Minimizing Risk of Privacy Lawsuits and Enforcement Actions, 19 Computer & Internet Lawyer 28 (Oct. 2002).
18. Privacy Rights Clearinghouse, Fact Sheet 19: Caller ID and My Privacy, Revised 2000, http:www.privacyrights.org.
Class #8 (November 7, 2002) – PRIVACY POLICIES, CERTIFICATION SERVICES AND OTHER SELF-REGULATORY MECHANISMS: This class will explore some of the industry approaches to self-regulation. Student presentations will continue.
5. Protecting Consumers' Privacy: 2002 and Beyond, Remarks of Federal Trade Commission Chairman Timothy J. Muris, Oct. 1, 2001, http://www.ftc.gov/speeches/muris/privisp1002.htm (accessed Oct. 30, 2002).
Class #9 (November 14, 2002) – IDENTITY THEFT AND OTHER SCAMS: Here, we will focus on the data subject’s (victim’s) rights and remedies when personal information is used without knowledge and/or consent. Student presentations will continue.
1. Anne Kates Smith, What Were They Thinking? Kiplinger's Personal Finance Magazine, April 2002 at 94.
2. Dot Cons, Federal Trade Commission Publication, http://www.ftc.gov/bcp/conline/pubs/online/dotcons.htm (accessed Nov. 5, 2002).
3. * Please Browse the Federal Trade Commission’s Dot Con Site at http://www.ftc.gov/bcp/conline/edcams/dotcon/consumer.htm (accessed Nov. 5, 2002).
4. Bogus "Gold Card" Marketers Settle FTC Charges, Federal Trade Commission Press Release, Nov. 7, 2002, http://www.ftc.gov (accessed Nov. 7,2002).
5. Steven P. Garmisa, Company faces suit for disclosing employee Social Security numbers, Chicago Daily Law Bulletin, Oct. 17, 2002 at 1.
6. Tim Novak, 5,000 Workers' Identities Swiped, Chicago Sun-Times, Oct. 9, 2002 at A1.
7. Dave Newbart, Workers' ID theft spurs state review, Chicago Sun-Times, Oct. 13, 2002 at 56.
8. Frank Main; Carlos Sadovi, Tellers Bribed In ID Theft Ring, Feds Say, Chicago Sun-Times, Oct. 3, 2002 at 12.
9. Busboy Pleads Guilty In Largest Web Identity Theft, Chicago Tribune, Oct. 4, 2002 at N2.
10. ID Theft: When Bad Things Happen to Your Good Name, Federal Trade Commission Publication, February 2002, http://www.ftc.gov/bcp/conline/pubs/credit/idtheft.htm (accessed Nov. 5, 2002).
11. * Please browse the U.S. Government’s Central ID Theft Web site at http://www.consumer.gov/idtheft (accessed Nov. 5, 2002).
12. Dimezza v. First U.S.A. Bank, Inc., et al, 103 F.Supp.2d 1296 (D.NM 2000).
13. Charles Nicodemus, Authorities Search for Mysterious Local Coach, Chicago Sun-Times, Jan. 21, 1994 at 18.
14. Julie Irwin, Gregory Motley Faces Charges of Felony Forgery, Chicago Tribune, Jan. 24, 1994 at C1.
15. Julie Irwin, “Coach” Meets the Original, Chicago Tribune, Jan. 25, 1994 at N1.
16. Phony Teacher Pleads Guilty, Chicago Sun-Times, May 14, 1994 at 12.
17. Barry Temkin, Prep Basketball Coach Convicted of Forgery Resurfaces, Chicago Tribune,July 20, 1994 at N1.
18. Illinois Financial Identity Theft and Asset Forfeiture Law, 720 ILCS 6/16G.
19. Please Browse the Following Sites:
Class #10 (November 21, 2002) – SPECIAL PROBLEMS: CHILDRENS’ PRIVACY, WORKPLACE PRIVACY AND WRAP UP: This final class will examine some of the issues that arise when dealing with information about children and parents. We will also explore some of the special problems that currently exist when collecting information from children. And, we will continue our discussion about informational privacy in the workplace.
INFORMATION FROM AND ABOUT PARENTS:
Iowa Planned Parenthood Case Revisited:
1. Iowa Supreme Court Dismisses Planned Parenthood Case, The Associated Press, Oct. 31, 2002.
2. Stacy Hupp, The Storm Lake Case, Des Moines Register, Nov. 3, 2002 at 3B.
3. Planned Parenthood's Medical Privacy Case Dismissed, Planned Parenthood of Greater Iowa Web Site, http://www.ppgi.org/default.asp (accessed Nov. 10, 2002).
Parents Magazine, http://www.parents.com/
Parenting.org – a Service of Girls and Boys Town, http://www.parenting.org/
FAO Schwartz Toys, http://www.fao.com/default.cfm
ToysRUs and BabiesRUs, http://www.babiesrus.com
INFORMATION ABOUT CHILDREN:
14. Database Form Sends Names and Addresses of Families to Person Using the Name of a Child Killer, Electronic Privacy Information Center, May 12, 1996 (accessed March 22, 2002)
15. High Court Rules Students Cannot Sue Schools for Divulging Personal Information, Bulletin’s Frontrunner, June 21, 2002.
16. Gonzaga University v. Doe, 122 S. Ct. 2268 (2002).
INFORMATION FROM CHILDREN:
21. Federal Trade Commission, FTC Announces Settlements with Web Sites That Collected Children's Personal Data Without Parental Permission, April 19, 2001, http://www.ftc.gov/opa/2001/04/girlslife.htm (accessed Apr. 6, 2002).
* Link to Web site, no text included.