IAPP Seminar, June 11, 2004. CA Privacy Law: Resources & Protections. Dana F. Winterrowd, Staff Counsel, California Department of Consumer Affairs.

2. Constitutional Right
- All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy.
- Article 1, Section 1, Constitution of the State of California

3. Office of Privacy Protection
- CA is only state with such an agency
- Created by law passed in 2000
- Purpose: “protecting the privacy of individuals’ personal information in a manner consistent with the California Constitution by identifying consumer problems in the privacy area and facilitating development of fair information practices”

4. Education and Information
- Consumer Information Sheets
  - ID theft prevention, victim checklist, “criminal” ID theft
  - Protecting SSNs, reading privacy policies, controlling unwanted communications
  - Health info privacy
- Workshops and presentations
  - 86 for consumers, 64 for business (11/01-12/03)

5. Work with Law Enforcement
- Advisory Committee to High Tech Crimes/Identity Theft Task Force
  - 5 regional task forces of local, state and federal law enforcement
- Provide information on new laws via web site
- Make case referrals

6. “Best Practice” Recommendations
- Recommendations of “best practices,” beyond legal requirements
- By phone in response to requests
- Written sets developed with advisory groups
  - SSN Confidentiality
  - Notification of Security Breach

7. Fair Information Practice Principles (FIPs)
- Transparency
- Collection Limitation
- Purpose Specification
- Use Limitation
- Data Quality
- Individual Participation
- Security
- Accountability

8. CA Privacy Laws & FIPs
- Limits on collection of personal info
- Limits on use of personal info
- Requirements of notice of privacy rights
- Limits on unwanted commercial communications
- Requirements for data security
- Requirements for individual access to personal info
- Rights & remedies for identity theft victims

9. Limits on Collection of Personal Information
- Ban on recording any personal info when accepting payment by credit card
- Ban on recording DL # when accepting payment by check
- Ban on collecting DL # and SSN for supermarket club cards
- Ban on wiretapping, CATV/satellite TV monitoring
- Ban on state agency collecting personal info not authorized by law or regulation (IPA)

10. Limits on Use of Personal Information 1
- Info “swiped” from drivers licenses (except for age verification, etc.)
- Onward sharing of “marketing info” of credit card holders subject to opt-out right
- Public display of Social Security numbers
- Onward sharing of personal info collected for supermarket club cards

11. Limits on Use of Personal Information 2
- Printing of >5 digits of credit card numbers on electronic customer receipts
- Onward sharing of residential telephone customer calling patterns, financial info, etc.
- Use by state agency other than as authorized by law (IPA, but cf. Public Records Act)

12. Limits on Use of Personal Information 3
- Onward sharing of medical info, other than for TPO, subject to prior consent
- Use of medical info for marketing purposes, as defined
- Limited access to birth/death certificates, no SSNs or MMNs on publicly available birth/death record indices

13. Limits on Use of Personal Information 4
- Sharing of consumer credit & background info, except for specified purposes, by CRAs, Investigative RAs (but cf. FCRA/FACTA)
- Sharing of personal financial info w/ 3rd parties by financial institutions (SB 1, eff. 7/1/04)
- Use of auto “black box” data for other than vehicle safety, etc. (AB 213, eff. 7/1/04)

14. Notice Requirements 1
- Notice of security breach involving specified personal info
- Notice to vets from county recorder re DD214s as public records
- Notice on collection of personal info by state agencies (IPA)
- Privacy policy notice in state offices and on agency web sites

15. Notice Requirements 2
- Notice of privacy policies/practices on commercial web sites collecting personal info on CA residents (AB 68, eff. 7/04)
- Upon request, notice to customer of info sharing details or opt-out opportunity (SB 27, eff. 1/05)
- Notice of presence of auto “black box” in owner’s manual or subscription contract (AB 213, eff. 7/04)

16. Data Security
- Destruction of customer records by businesses by shredding, etc.
- Activation process required on substitute credit cards mailed to consumers
- Credit/debit card “skimmers” outlawed
- State agencies must use security safeguards to protect personal info (IPA)

17. Individual Access to Information
- Access to and right to correct personal info in records of state agencies (IPA)
- Access to and right to dispute personal info in medical records (PAHRA, cf. federal HIPAA)

18. Limits on Commercial Communications
- Do-Not-Call Registry (state/federal laws)
- Ban on unsolicited commercial text messages sent to cell phones/pagers
- Ban on spam sent in violation of ISP’s policy
- Ban on spam sent w/out prior consent of recipient (but cf. federal CAN SPAM Act)

19. Identity Theft Rights & Remedies
- Definition of crime, including possession of documents with intent to defraud
- Requirement of local police to take report
- Expedited judicial process for victims
- Database for victims of “criminal” ID theft
- Victim rights in debt collection and against claimants
- Victim access to documents on fraudulent accounts (but cf. FCRA/FACTA)

20. Dana F. Winterrowd, Staff Counsel
Legal Affairs Division
California Department of Consumer Affairs
400 R Street, Suite 3090
Sacramento, CA
Office of Privacy Protection