Data Privacy Primer is Concise, Authoritative Source
The Sedona Conference, a nonprofit dedicated to the advanced study of law and policy, released its Data Privacy Primer in January 2018. The Working Group on Data Security and Privacy Liability, one of the sections of the Sedona Conference working to create best practices and guidelines for the legal community, developed the primer to identify and comment on trends in data security and privacy law, helping organizations prepare for and respond to data breaches, and the legal community assess questions of liability and damages.
The primer recognizes that a complex patchwork of state and federal privacy laws exists in the U.S. today. These laws present significant compliance challenges for organizations and often create confusion not just for organizations, but also for elected officials and members of the legal community.
The primer focuses on providing foundational information concerning U.S. civil privacy laws and regulations. It is not intended to serve as an exhaustive treatment of privacy law or of any particular privacy-related issue, but as an orientation to laws and issues surrounding privacy.
While it references criminal law where necessary for its civil discussion, the primer does not contain an in-depth analysis of criminal law privacy concepts. It also does not spend much time discussing international concepts related to privacy law, but does include international references, such as the guidelines of the Organisation for Economic Cooperation and Development, where appropriate.
‘Right to Privacy’ Conceived More Than 100 Years Ago
The primer uses the seminal Harvard Law Review article “The Right to Privacy,” as its jumping-off point to discuss the evolution of privacy rights. The concept proposed in the 1890 article is almost universally regarded as the origin of U.S. privacy law and the four distinct ways privacy interests can be violated:
- Intentional intrusion on someone else’s seclusion or solitude
- Appropriating someone else’s name or likeness
- Public disclosure of private facts of another’s life
- False “light” or publicity
Elements required for finding a violation of privacy rights are detailed in the primer, which also explains the 1970s origins for the notion of protecting certain personal information.
Privacy and Security Comprise Distinct Interests
While discussions of privacy and security often go hand in hand, the primer notes that the two concepts differ.
Privacy consists of the general right of an individual to determine how his or her information is or will be used.
Data security, on the other hand, concerns the physical, administrative, and technical methods employed by a party to protect sensitive information in its possession, including personal information.
Scope of Data Privacy Primer
The primer includes discussion of several federal laws that protect personal information, such as the Privacy Act of 1974, as well as the Health Insurance Portability and Accountability Act. Federal financial privacy and credit reporting laws are also discussed, as are various state constitutional and statutory privacy protections, workplace privacy issues, bring your own device (BYOD) and social media policies, and student privacy.
A particularly interesting section offers a brief summary of provisions contained in the laws of the 17 states related to event data recorders, or “black boxes.”
In addition, the primer discusses the range of information that is considered personal and private, as well as the different protection levels afforded to various types of information.
Anyone looking for an introductory, yet comprehensive, source of privacy law considerations and protections should consider downloading a copy of the Data Privacy Primer here.