The Privacy Act prohibits the disclosure of personal information, no matter how this information is gathered. Consumers’ control and knowledge on the internet fall under two categories: purchasing and surfing. Legal protection for individual privacy in the United States was passed fairly recently, and it limits the protection of data. Data collection methods have raised concerns about consumer privacy. The FTC, in its efforts to ensure success, has developed principles that would protect consumers and the information they choose to display. The USA PATRIOT Act was put into effect in reaction to the 9/11 terrorist attacks. The Government felt that terrorism in the United States could be diminished by keeping an eye on communication around the country. This Act gives the Government powers to disregard the privacy concerns of citizens in the face of national security concerns.
The Electronic Communications Privacy Act (ECPA) sets the boundaries for law enforcement access to personal electronic communications and electronic records such as emails, documents and pictures. With the immense growth in the use of computers, many people store copious data on servers that can be visible to many parties in the infrastructure business. The ECPA protects this material from being accessed by law enforcement. The exceptions to this law allow the ISP to view private e-mail if the sender is suspected of attempting to damage the internet system or attempting to harm another user. The ISP can also reveal information from a message if the sender or recipient allows disclosure, or in the event of a court order or a law enforcement subpoena.
The Electronic Communications Privacy Act (ECPA) makes it illegal under certain conditions for anyone to read or disclose the content of any electronic communication (18 USC § 2511).
However, there are some exceptions to the ECPA:
a. The ISP may view private e-mails of its subscribers if it suspects the sender is attempting to damage the system or harm another user. However, arbitrary monitoring of e-mail is normally forbidden.
b. The ISP may lawfully view and reveal private e-mail if either the sender or the recipient of the message consents to the inspection or disclosure. Many ISPs require a consent agreement from subscribers when signing up for the service.
c. If the e-mail server and software are owned or hosted by an employer, the employer may examine the contents of employee e-mail on the system. Therefore, any e-mail sent from a business location or device, or using a host server owned or paid for by the employer, is probably not private. Several court cases have determined that employers have a right to monitor e-mail messages of their employees.
d. ISPs may be required to disclose personal information in response to a court order or a subpoena. A subpoena may be obtained by law enforcement or as part of a civil lawsuit. A subpoena issued as part of a private civil lawsuit, a defamation case or a divorce case may disclose more personal information.
The USA PATRIOT Act, as amended in 2006, makes it easier for the government to access records about the online activity of subscribers. In an effort to increase the speed with which records are acquired, the Act eliminates much of the process required to acquire private data.
In the case of U.S. v. Warshak (December 14, 2010), the Sixth Circuit Court of Appeals ruled that although an ISP has access to private e-mail, the government must obtain a search warrant before seizing such e-mail. The decision is particularly significant to the degree that it could incentivize Congress to reassess the federal statutes that, in some cases, do allow warrantless searches of e-mail.
In February 2012, the US Government signed a covenant to put some new guidelines in place to regulate the information that can be asked for and received from people on the Internet. These new regulations are a “privacy bill of rights,” and corporations are expected to change their privacy policies to ensure that personal information of their customers will only be used for purposes that have been specifically agreed to by the user.
The National Telecommunications and Information Administration, in partnership with several privacy activist groups, is working to develop “codes of conduct” for companies that collect personal information.
This document lays out seven rights:
a. Individual control. Companies have to provide easy-to-understand policies on what data they are collecting and how they will use this data.
b. The individual has the right to transparency and knowing the exact reason as to why the data is being collected at all.
c. Corporations cannot decide to use the data as they wish for a purpose other than what has been communicated to the individual.
d. Adequate security for customer data needs to be provided.
e. Individuals have the right to edit their data and therefore should have access to all their data for editing and keeping it current.
f. Corporations are only allowed to collect the data they need. They are not allowed to collect any incidental data.
g. Corporations are accountable to individuals for lost and misplaced data.
As privacy management develops, both in improved efficacy and in the growing intricacy of the challenges establishments face, accountability is evolving as an essential element of handling personal information. In specific terms, all regulators and executives are looking to corporations to be more accountable for their actions. On a corporate level, accountability is taking form in:
• Implementation of Privacy by Design (PbD) and Privacy by ReDesign (PbRD)
• Redefinition of the role of the privacy professionals
• Acceptance of the concept of BCR (Binding Corporate Rules)
• Cultivating internal monitoring, with the use of data loss prevention (DLP) tools
Governments are taking steps to legalize the use of personal information, and industry forums are exploring self-regulation to ensure that their interests are served before they have to succumb to greater restrictions should they not assume responsibility for privacy. In 2011, in the European Union (EU), the European Commission (EC) modified its Electronic Communication Directive to give customers more control over their individual data. EU data protection rules and the new EC directive require EU member states to induce electronic publishers to get consent from users before tracking their online behavior through cookies or other methods.