Presentation is loading. Please wait.

Presentation is loading. Please wait.

Student Financial Assistance. Session 55-2 Session 55 Internet Privacy Laws.

Published byLionel Stevenson Modified over 8 years ago

Similar presentations

Presentation on theme: "Student Financial Assistance. Session 55-2 Session 55 Internet Privacy Laws."— Presentation transcript:

1 Student Financial Assistance

2 Session 55-2 Session 55 Internet Privacy Laws

3 Session 55-3 Background n There really aren’t any per se privacy laws. n Instead, there is a patchwork of federal and state laws that are potentially applicable. n We will cover these areas and see if we can identify some useful constructs.

4 Session 55-4 Should You Have a Privacy Policy and What Should it Say? This is the question that always comes up. Perhaps the answer is that you need privacy practices and in some cases privacy policies.

5 Session 55-5 Privacy Issues n A college or university that deals with student records, financial aid information or health care information online may have to deal with a number of privacy issues. n The irony is that, with certain limited exceptions, there is no legal requirement for a web site operator to have a privacy policy.

6 Session 55-6 Privacy -- the Legal Framework n There are no comprehensive federal privacy laws -- instead, specific federal laws were enacted to deal with particular types of privacy abuses. n Privacy law is largely based on state law. n The FTC has jurisdiction to challenge "unfair or deceptive practices," which can include failure to comply with privacy promises.

7 Session 55-7 State Privacy Laws n Generally based on four common law causes of action. –1) Intrusion into another’s solitude or seclusion; –2) Public disclosure of sensitive private facts; –3) Misappropriation of name/likeness; –4) Presentation of another in a “false light”. n May have claims for misappropriation of personal information

8 Session 55-8 Federal Privacy Laws n Generally these only deal with specific types of situations. n They are not always consistent with one another. n Furthermore, some of them leave unanswered important questions on how to comply.

9 Session 55-9 Federal Privacy Laws n Children’s Online Privacy and Protection Act (COPPA). Applies to web sites or online services “directed” to children under 13 or general audience web sites that have actual knowledge of collecting personal information from children. n Requires a posted privacy notice, but probably not applicable to most college/ university web sites.

10 Session 55-10 Federal Privacy Laws (cont.) n Family Educational Rights and Privacy Act (FERPA). Generally requires educational institutions that receive federal funds to keep students’ personally identifiable education information (such as grades or application information) private. n Does not require a privacy policy, but if a school maintains student information on a web site, must be careful to keep it private.

11 Session 55-11 Federal Privacy Laws (cont.) n FERPA appears to be strict liability - good faith effort may not be enough. n No exception for security breaches? n Recent example at University of Montana (accidental posting of psychological records of 62 children and teenagers).

12 Session 55-12 Federal Privacy Laws (cont.) n Gramm-Leach-Bliley Act (GLB Act). Requires that “financial institutions” (broadly defined) issue privacy notices to their customers and, in certain circumstances, provide them with the opportunity to opt out of disclosures. n If a school deals with students’ financial information online, a privacy notice may be required.

13 Session 55-13 Federal Privacy Laws (cont.) n Compliance with FERPA with respect to student financial data will be deemed compliance with the GLB Act. n Creates a loophole for financial aid? But does not necessarily cover all financial data gathered and disseminated online. n Also, affiliates may not be entitled to GLB Act exemptions.

14 Session 55-14 Federal Privacy Laws (cont.) n Office of Health and Human Services Rule (HHS Rule). Establishes that consumers have the right to receive written notice of information practices of health care providers that conduct certain transactions electronically. n If a school has a health care provider (i.e., a student health clinic), may need “written notice” of electronic information practices.

15 Session 55-15 Federal Privacy Laws (cont.) n Electronic Communications Privacy Act (ECPA). Generally forbids the interception, use, and disclosure of private e-mail. n Does not require a posted privacy policy, but recent cases have found no liability under the ECPA where privacy policies existed. (Similarly, a privacy policy could serve to dispel the “reasonable expectation of privacy” under the Fourth Amendment.)

16 Session 55-16 Additional Federal Law Considerations n FTC has enunciated five core privacy principles -- notice, choice, access, security, and enforcement -- and encourages companies to follow them. Voluntary industry self policing thus far has convinced regulators not to act. n Nevertheless, nearly 50 privacy bills await consideration by Congress.

17 Session 55-17 So Why Adopt a Privacy Policy? n One of the federal laws may require it. n Federal government may adopt one for you if you don’t. n Consumers may expect it -- it can be used as a marketing tool (with disclaimers). n More important, lessons from the case law illustrate that an effective privacy policy may reduce exposure to privacy lawsuits.

18 Session 55-18 Lessons from the Case Law #1 n Lesson #1: If you have a privacy policy, you must follow it. The FTC has brought a number of unfair or deceptive practices lawsuits where the defendant companies failed to collect or use the personal information in accordance with their own privacy policy.

19 Session 55-19 Lessons from the Case Law #2 n Lesson #2: Privacy policies that truthfully disclose information collection practices can be helpful in defending lawsuits. Courts have dismissed complaints relating to certain information practices where the consumer has consented to the practice. (Of course need to consider how to evidence agreement.)

20 Session 55-20 Drafting Privacy Policies n Should follow the FTC’s core principles and fully disclose information practices. n Policy should reflect various information practices taking into account changes -- should be accompanied by an internal assessment of all information practices.

21 Session 55-21 Drafting Privacy Policies n Avoid being overly legalistic and remember the audience. n May need more than one privacy policy - for example, rules change when a prospective student becomes a student (GLB Act and FERPA).

22 Session 55-22 Sample Privacy Policies

23 Session 55-23 Sample Privacy Policies (cont.)

24 Session 55-24 Sample Privacy Policies (cont.)

25 Session 55-25 Additional Complexities n International considerations, such as the EU privacy directive and safe harbor. n Use and combination of information collected online with information collected offline. n What rules apply to personal information about a person other than the person who submits it?

26 Session 55-26 SFA Tech Slide We appreciate your feedback and comments. We can be reached: Peter Cassat Dow, Lohnes & Albertson (202) 776-2724 pcassat@dlalaw.com

Download ppt "Student Financial Assistance. Session 55-2 Session 55 Internet Privacy Laws."

Similar presentations

Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.

Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.
HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.

HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.
FERPA - Sharing Student Information

FERPA - Sharing Student Information
Information for Students MGH Institute of Health Professions Use your down arrow or click your mouse to advance through the presentation.

Information for Students MGH Institute of Health Professions Use your down arrow or click your mouse to advance through the presentation.
Mobile Payments and the FTC Manas Mohapatra Director of Mobile Policy Mobile Technology Unit Federal Trade Commission The views expressed are not necessarily.

Mobile Payments and the FTC Manas Mohapatra Director of Mobile Policy Mobile Technology Unit Federal Trade Commission The views expressed are not necessarily.
©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.

©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.
1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.

1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.
1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.

1 The HIPAA Privacy Rule and Research This presentation will probably involve audience discussion, which will create action items. Use PowerPoint to keep.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Issue Brief National Association of School Nurses Privacy Standards for Student Health Records.

Issue Brief National Association of School Nurses Privacy Standards for Student Health Records.
Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.

Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,

Regulatory Issues in Campus Computing Privacy and Security in a Digital World Presented by David Gleason, Esq. University Counsel University of Maryland,
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
4.01 Foundational knowledge of promotion

4.01 Foundational knowledge of promotion
Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.

Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.
Privacy and the Right to Know Grayson Barber, Esq. Grayson Barber, LLC.

Privacy and the Right to Know Grayson Barber, Esq. Grayson Barber, LLC.
Children's Online Privacy Protection Act and the Video Privacy Protection Act By: Alana Rushing.

Children's Online Privacy Protection Act and the Video Privacy Protection Act By: Alana Rushing.
IS3350 Security Issues in Legal Context

IS3350 Security Issues in Legal Context

Similar presentations

Ads by Google