1 CDT submits the following chart as an addendum to the written testimony of Leslie Harris, President and Chief Executive Officer of the Center for Democracy and Technology before the House Committee on Energy and Commerce, Subcommittee on Commerce, Trade, and Consumer Protection on The BEST PRACTICES Act of 2010 and Other Federal Privacy Legislation on July 22, The chart compares some of the key provisions in both bills, and issues CDT s recommendations about the approach we believe privacy legislation should take. Tomakecomments,ortoreceivefurther information, contact Justin Brookman, Senior Resident Fellow at the Center for Democracy & Technology, Issue Boucher-Stearns Discussion Draft Scope. Definition Applies to all persons engaged of covered in interstate commerce that entities collect covered information, except government agencies or persons who collect covered information from fewer than 5000 individuals in any 12month period and do not collect sensitive information. 2(4). BEST PRACTICES CDT Recommendation Applies to all persons engaged in interstate commerce that collect or store covered information or sensitive information, except government agencies or persons that (i) store info from 15,000 or less individuals, (ii) collect info from 10,000 or fewer individuals in any 12month period, (iii) do not collect or store sensitive information and (iv) do not use covered information to study, monitor, or analyze the behavior of individuals as the person s primary business. 2(3). There is a specific CDT strongly supports both bills coverage of both online and offline entities. CDT generally endorses the broad definition in the BEST PRACTICES bill, which clearly applies to companies that may not collect data directly from individuals such as data brokers. We also support language exempting small businesses and others who collect information on relatively few individuals. However, 2(3)(B)(iv) of the BEST PRACTICES bill needs to be clarified to exempt news outlets in order to avoid
2 exception for entities outside the FTC s jurisdiction, such as banks and credit unions, though common carriers are specifically kept within the bill s scope Scope. Definition Name, contact info, Name, contact info, of covered government-issued ID number, government-issued ID number, information financial account number, any financial account number, any unique persistent identifier unique persistent identifier (including customer number, (including customer number, pseudonym, IP address, and pseudonym, IP address, and presumably cookie used to presumably cookie used to collect information from a collect information from a particular individual or particular individual or computer), and any computer), and any information information linked to any of linked to any of the above. the above. 2(5) 2(4)(A). The bill exempts individuals employment title and contact info, as well as information collected from employees. 2(4)(B). Scope. Definition Information relating to medical Information relating to health of sensitive records or treatment, race or or medical history, race or information ethnicity, religious beliefs, ethnicity, religious beliefs and sexual orientation, financial affiliation, sexual orientation or records and financial accounts, sexual behavior, financial information, and precise records and financial accounts, geolocation information. precise geolocation 2(10). information, biometric data, and SSN numbers. The FTC is empowered to modify the definition in the future. 2(8). 2 significant First Amendment concerns. CDT supports both bills robust definitions of covered information, including pseudonymous web identifiers and IP addresses. However, because of technological and marketplace evolution, we believe the FTC should be specifically empowered to modify the definition of covered information, as the BEST PRACTICES bill currently provides for in the definition of sensitive information. CDT supports enhanced protections for sensitive information, including precise location information. We endorse the more protective definitions included in the BEST PRACTICES bill, especially the broader definition of health information.
3 Scope. Affiliates. Scope. Exception for aggregated or de-identified data. Scope. Prohibition on reidentifying data sets. FTC Rulemaking. 3 Treats disclosures to entities under common control with the covered entity as use by the covered entity, not transfers to third parties. 2(7)(A)(vi), 2(13). Treats disclosures to entities under common control and who don t hold themselves out as separate from the corporate entity as use by the covered entity, not transfers to third parties. Directs FTC to issue regulations to clarify and modify the relevant definitions. 2(10). Exempts aggregate Exempts aggregated information or information that information and information has been rendered anonymous from which identifying from the scope of the bill. 5. information has been obscured or removed, such that there is no reasonable basis to believe that the information could be used to identify an individual or a computer used by the individual. 501(a). No provision. Provides that reconstructing identifying information for datasets that have been anonymized pursuant to 501(a) is unlawful. 501(c). Generally empowers the FTC Generally empowers the FTC to implement regulations, and to implement regulations, and specifically directs the FTC to specifically directs the FTC to issue regulations in limited issue regulations in several instances (see below). instances, usually under clear 8(a)(3) et alia. instruction to weigh specific factors in promulgating rules (see below). 602(c) et alia. CDT generally supports the language in the BEST PRACTICES bill, but believes that the definition should explicitly define parties that operate under different brands as third parties for sharing purposes. CDT generally supports the exception for aggregated and de-identified data contained in the BEST PRACTICES bill. 501(c) of the BEST PRACTICES bill should be removed, or revised to allow research and certain other noncommercial uses. CDT supports both bills providing the FTC with general rulemaking authority, and endorses the approach of the BEST PRACTICES bill to specifically refer complex determinations to the FTC under clear and binding
6 Data Minimization. Only imposes data retention requirements on companies that participate in the safe harbor provision that allows opt-out permission for sharing covered information with third parties. For those companies, the bill requires covered entities to delete or anonymize covered information within 18 months of when it was collected. 3(e)(2). Data Quality and Requires each covered entity Integrity. to establish reasonable procedures to assure the accuracy of covered information it collects. 4(a). 6 use, and disclosure of covered and sensitive information) 30 days in advance before collecting information pursuant to those policies. 105(b). Requires that covered entities that use covered information or sensitive information shall retain such data only as long as is necessary to fulfill a legitimate business purposes or comply with a legal requirement and consumer advocates an opportunity to digest and consider changes before they go into effect. Requires each covered entity to establish reasonable procedures to assure the accuracy of covered information and sensitive information it collects, assembles, or maintains, and directs the FTC to promulgate implementing regulations, balancing costs and benefits of ensuring accuracy. 201(a). Provides exceptions for fraud databases and for publicly available information if such information reflects what is available to the general public. 201(b)-(c). CDT endorses a general provision such as in the Boucher-Stearns draft bill with a referral to the FTC for more precise definitions. The Fair Credit Reporting Act does not make an exception in its accuracy provisions for publicly available information, and we are not convinced a blanket exception for publicly available information is appropriate here. CDT generally supports the flexible approach of the BEST PRACTICES bill. However, the FTC should be directed to implement regulations to establish meaningful standards that can be tailored to different industry segments as appropriate.
7 Individual Participation. Notice and consent for firstparty use of covered information. always offer a persistent optout consent for first-party secondary uses of covered information, such as marketing, advertising, or selling. 3(a)(3), 3(a)(5). No provision about whether a covered entity may condition service to a consumer based on that consumer not opting out of secondary usage. Individual Participation. Notice and consent for sensitive information. get express affirmative consent for the collection or disclosure of sensitive information. 3(c). Individual Participation. Notice and consent for disclosure of covered information to third parties. 7 always offer a persistent optout for first-party secondary uses of covered information. 103(a)-(e). However, entities may explicitly condition service to a consumer based on that consumer not opting out of secondary usage. 103(f). get express affirmative consent for the collection, use, or disclosure of sensitive information. 104(b). Covered entities must offer reasonable means for consumer to withdraw consent at any time. 104(e). get get express affirmative consent express affirmative consent for for sharing covered sharing covered information information with third parties with third parties for nonfor non-operational purposes. operational purposes. 3(b)(1). Covered entities 104(a)(1). Covered entities must offer reasonable means must offer reasonable means for consumer to withdraw for consumer to withdraw consent at any time. 3(b)(2). consent at any time. 104(e). HOWEVER, covered entities HOWEVER, covered entities CDT supports the language in both bills offering consumers an opportunity to opt out of secondary uses of their data by companies. We suggest removing the blanket authority to deny service for parties who opt out in the BEST PRACTICES bill, as we believe this should be allowed only in robust market environments where consumers have multiple options. CDT endorses the provisions in the BEST PRACTICES bill. CDT endorses the general optin/opt-out framework of both bills: opt-in for sharing as a default, with the opportunity to share on an opt-out basis by meeting certain safe harbor requirements. For the reasons discussed below, we support the flexible FTC-approved Choice Program put forward in
8 may share covered information on an opt-out basis if they adhere to the narrow safe harbor requirements in 3(e). (See Safe Harbor, below) Individual Participation. Access and correction. 8 may share covered information on an opt-out basis if they adhere to the more flexible safe harbor requirements in (See Safe Harbor, below) No access or correction requirements for non-safe offer reasonable access to and harbor participants. opportunity to correct data that HOWEVER, covered entities may be used for an adverse that take advantage of the safe decision against the individual, harbor program (in order to such as the denial of a right, share covered information with benefit, or privilege. 202(a). third parties on an opt-out For other covered information, basis) are required to make covered entities must make available for review, available (undefined) personal modification, or deletion a list profiles that are stored in the of information, categories of normal course of business, and information, or preferences must offer access and associated with the individual correction rights for behavioral or computer or device used by preference profiles. 202(b). the individual. 3(e). HOWEVER, safe harbor participants are exempted from 202(b) s access and correction rights for information that could not result in an adverse decision, and need only make available the types of information available it typically collects about individuals, or a representative sample. 202(b)(3), 202(c). Detailed rules governing access the BEST PRACTICES bill. (See Safe Harbor, below) CDT believes that access and correction rights are fundamental elements of the Fair Information Practices, and disagrees that they should only be required of safe harbor participants (as in the BoucherStearns draft) or that safe harbor participants can sometimes avoid these obligations (as in the BEST PRACTICES bill). We believe a privacy bill should generally require covered entities to make available to consumers the covered information possessed about them along with a reasonable method of correction. We believe the precise rules and exemptions for access should be implemented by FTC regulations.
9 9 Security. Requires covered entities that collect covered information to adopt reasonable security safeguards that the FTC deems necessary to protect the information. 4(b). Prohibits the FTC from prescribing specific products or technologies. 8(a)(3). Accountability and Auditing. No specific provisions for internal accountability and auditing. and correction when required by the bill. 202(d)-(j). adopt reasonable security measures. Directs the FTC to promulgate implementing regulations taking into account, inter alia, nature of covered entities and cost of security safeguards Prohibits the FTC from prescribing specific products or technologies. 602(c)(3). establish a process for individuals to make complaints about privacy policies and procedures. 302(a). Requires covered entities to conduct Privacy Risk Assessments of potential risks to individuals if information about more than 1,000,000 individuals likely to be collected. 302(b). conduct periodic review of whether collected data remains necessary for disclosed purposes, and whether collection practices serve legitimate business purpose. 302(c). CDT supports the security requirements in the BEST PRACTICES bill. CDT supports the accountability provisions contained in the BEST PRACTICES bill.
10 Safe Harbor. 10 Covered entities may get optout (instead of opt-in) consent for the disclosure of covered information. In order to take advantage of the safe harbor, they (1) offer a persistent optout of data collection, (2) delete or anonymize covered information within 18 months, (3) place a symbol or seal on all behavioral ads placed by the entity, and allow consumers to access and modify their behavioral profiles, and (4) have ad networks to which the entity discloses information under the safe harbor agree to not share the information with other parties without the consumer s express affirmative (opt-in) consent. 3(e). Covered entities may get optout (instead of opt-in) consent for the disclosure of covered information, are exempted from the private right of action, and do not have to offer individuals access to personal profiles (consumer profiles such as behavioral advertising profiles that will not be used in a way that could result in an adverse decision against the individual, such as the denial of a right, benefit, or privilege). In order to take advantage of the safe harbor, they must join and be in compliance with an FTC-approved private Choice Program that (1) provides individuals with a global optout for third-party information sharing and/or communication and advertising settings for all Choice Program company participants, (2) establishes additional guidelines for protections of covered information and sensitive information, (3) requires testing and review of Choice Program participants, and (4) has consequences for failure to adhere to Choice Program CDT generally supports the FTC-approved Choice Program safe harbor in the BEST PRACTICES bill as a vehicle for promoting best practices, while allowing compliant companies to share data on an opt-out basis and protection from a private right of action. We believe that a flexible, private safe harbor program with meaningful government oversight offers the most effective means to implement the Fair Information Practices over a wide range of companies that collect and use personal information. However, as noted above, CDT does not support an exemption from access requirements for covered information for Safe Harbor participants; the optout and protection from the private right of action offer sufficient incentive for companies to join a safe harbor program.
11 Enforcement. By the FTC. Enforcement. By state Attorneys General. Enforcement. Private right of 11 The FTC can enforce the act as a violation of a trade regulation under Section 5 of the FTC Act, meaning the FTC is entitled to statutory penalties of $16,000 per violation. 8(a), 15 U.S.C. 45(m). Allows state Attorneys General to bring civil action for injunctive relief, damages, restitution, and other relief on behalf of state citizens. 8(b)(1). FTC has the right to intervene in such actions, and no state may bring an action while an FTC action is pending. 8(b)(2). Explicitly prohibits any private right of action. 9. requirements The FTC can enforce the act as a violation of a trade regulation under Section 5 of the FTC Act, meaning the FTC is entitled to statutory penalties of $16,000 per violation. 602, 15 U.S.C. 45(m). Allows state Attorneys General to bring civil action for injunctive relief. For violations of the notice-and-consent provisions, state AGs can also get penalties of up to $11,000 per affected person. For violations of accuracy, access, security, accountability, and data minimization provisions, state AGs can get penalties of up to $11,000 per day the entity is out of compliance. An entity s total liability for any related series of violations is capped at $5,000,000. The $11,000 per person/day figures are indexed for inflation; the $5 million cap is not. FTC has the right to intervene in such actions, and no state may bring an action while an FTC action is pending Allows private right of action for willful violation of notice- CDT supports vesting the FTC with the primary authority to enforce a privacy law. However, we believe FTC penalty authority should mirror that given to state Attorneys General (see below). CDT strongly supports giving state Attorneys General the right to enforce any privacy bill, and we endorse an approach that gives state AGs the ability to get statutory penalties. CDT suggests Title II and III penalties should be based on the number of individuals affected (as Title I currently is), perhaps with a lesser maximum amount per affected person. The $11,000 per person should be increased to $16,000 per person (at least for Title I violations) to mirror FTC trade regulation penalties and should remain indexed to inflation; the $5,000,000 cap should be indexed to inflation as well. CDT supports the inclusion of a strong private right of action
12 action. Preemption. State laws. 12 and-consent provisions. Exempts entities that participate in and are compliance with Choice Program safe harbor. Seems to require plaintiffs to demonstrate actual damages in order to recover (damages are limited to between $100 and $1000 per individual). Plaintiffs can also recover punitive damages at the court s discretion, and reasonable costs and attorneys fees Provides very broad field preemption of any state privacy laws, arguably including state consumer protection laws and data breach notification laws. 10. in any privacy bill. The private right of action in the BEST PRACTICES bill should include a provision for reasonable liquidated damages and should be extended to the full range of FIPs, not just notice-and-consent. We do not object, however, to the exemption for compliant safe harbor participants, as we believe this provides an important incentive to companies to enroll in those programs. Preempts any state law that CDT generally supports the expressly requires covered preemption language in the entities to implement BEST PRACTICES bill, requirements with regard to the provided that the final bill collection, use, or disclosure or ultimately provides appropriate covered or sensitive nationwide implementation of information, however, state all the Fair Information consumer protection laws, state Practices. Federal preemption data breach laws, state financial of state laws is only and health privacy laws, and appropriate when the federal state trespass, contract, tort, statute gives consumers as and fraud laws are specifically much protection as the best preserved state laws.
COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE FEDERAL TRADE COMMISSION In the Matter of Myspace, LLC FTC File No. 102 3058 June 8, 2012 By notice published on May 14, 2012, the Federal Trade
2013 NAI Mobile Application Code Introduction The NAI Mobile Application Code, like the 2013 NAI Code of Conduct, governs only NAI member companies. It does not govern all data collection by member companies,
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
International Life Sciences Arbitration Health Industry Alert If you have questions or would like additional information on the material covered in this Alert, please contact the author: Brad M. Rostolsky
February, 2015 Page: 1 Revision History Revision # Date Author Sections Altered Approval/Date Rev 1.0 02/15/15 Ben Price New Document Rev 1.1 07/24/15 Ben Price Verify Privacy Grid Requirements are met
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
BEHAVIORAL ONLINE MARKET RESEARCH: BEST PRACTICES October 2010 Beginning in November 2009, the Center for Democracy & Technology (CDT) hosted a series of meeting of its Internet Privacy Working Group (IPWG)
Overview of the Impact of the Privacy Reforms on Credit Reporting June 2012 Andrew Galvin, Partner 1 OVERVIEW 1.1 Credit Reporting Reform - Background When initially passed, the Privacy Act 1988 essentially
CDT ISSUE BRIEF ON FEDERAL DATA BREACH NOTIFICATION LEGISLATION January 27, 2015 A September 2014 Ponemon study found that 60% of U.S. companies have experienced more than one data breach in the past two
CREDIT REPAIR ORGANIZATIONS ACT 15 U.S.C. 1679 et. seq. Please note that the information contained herein should not be construed as legal advice and is intended for informational purposes only. In addition,
Shipman & Goodwin LLP HIPAA Alert March 2009 STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS The economic stimulus package, officially named the American Recovery and Reinvestment Act of 2009
Online Behavioral Tracking and Targeting Concerns and Solutions from the Perspective of: Center for Digital Democracy Consumer Federation of America Consumers Union Consumer Watchdog Electronic Frontier
SHORT FORM NOTICE CODE OF CONDUCT TO PROMOTE TRANSPARENCY IN MOBILE APP PRACTICES I. Preamble: Principles Underlying the Code of Conduct Below is a voluntary Code of Conduct for mobile application ( app
DM Unplugged What's New Contact Us Login MyDMA Home Membership Advocacy Events and Education News Research Corporate Responsibility DMA Bookstore About DMA Search: click here GO! DMA COMMENTS ON STEARNS
U.S. Federal Trade Commission s Approach to Promoting a Safer Internet Environment for Children Phyllis H. Marcus Federal Trade Commission U.S. FTC Approach to Promoting a Safer Internet Environment for
THE NETWORK ADVERTISING INITIATIVE S SELF-REGULATORY CODE OF CONDUCT The Network Advertising Initiative s Self-Regulatory Code of Conduct CONTENTS: Section I: Introduction 2 Section II: Terminology 4 Section
BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor
MEMORANDUM To: Interested Persons From: Claire Gartland, Khaliah Barnes, and Marc Rotenberg, Electronic Privacy Information Center (EPIC) Re: FCC Communications Privacy Rulemaking Date: EPIC is circulating
Mind Your Business: Privacy, Data Security & Regulatory Compliance Best Practices & Guidance National Bar Association - Commercial Law Section 2015 Corporate Counsel Conference February 26, 2015 www.alston.com
PIPEDA Self-Assessment Tool Personal Information Protection and Electronic Documents Act table of contents Why this tool is needed... 3 How to use this tool... 4 PART 1: Compliance Assessment Guide Principle
Stimulus Package Expands HIPAA Privacy and Security and Adds Federal Data Breach Notification Law Marcy Wilder, Donna A. Boswell, and BarBara Bennett The authors discuss provisions of the Stimulus Package
Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT is made and entered into as of the day of, 2013 ( Effective Date ), by and between [Physician Practice] on behalf of itself and each of its
US-EU Safe Harbor Data Privacy Statement Number: IS-73 Revision: 1.0 2015 Merge Healthcare Incorporated. All rights reserved. This document and any page thereof may not be copied, distributed or otherwise
CREDIT REPORTING BILL EXPLANATORY NOTES INTRODUCTION These explanatory notes are intended as a guide to the proposed new Act. They are not meant as a substitute for a careful reading of the Bill itself.
Legal Affairs 1625 North Market Blvd., Suite S 309, Sacramento, CA 95834 www.dca.ca.gov Legal Guide CR-9 CREDIT REPAIR SERVICES (California Civil Code 1789.10 et seq.; 15 U.S.C.A. 1679 et seq.) January
UNILEVER PRIVACY PRINCIPLES Unilever takes privacy seriously. The following five principles underpin our approach to respecting your privacy: 1. We value the trust that you place in us by giving us your
AL 99-3 Subject: Fair Credit Reporting Act Date: March 29, 1999 Purpose: TO: Chief Executive Officers Compliance Officers of all National Banks, Department Division Heads, all Examining Personnel SUMMARY
VIRTUAL OFFICE WEBSITE (VOW) POLICY SECTION 37.1: DEFINITIONS a) A Virtual Office Website (VOW) is a Participant s Internet website, through which the Participant is capable of providing real estate brokerage
February 2, 2015 Hon. Richard Cordray Director Consumer Financial Protection Bureau 1700 G St. NW Washington, DC 20552 RE: ECMC Group, Inc. s purchase of certain Corinthian Colleges, Inc. assets Dear Director
H. R. 3606 10 have any person associated with that person subject to such a statutory disqualification. (3) For the purposes of this subsection, the term ancillary services means (A) the provision of due
Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal
Data Security and Privacy Proposed Threshold Questions and Initial Due Diligence Personal information means any information that can be used to identify a specific individual, for example, such individual
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
Revised: July 27, 2015 AMWELL SERVICE PROVIDER SUBSCRIPTION AGREEMENT Welcome to the AmWell Exchange Service (the Service ), which is owned and operated by American Well Corporation, a Delaware corporation
AIG and Individual Privacy We at AIG Insurance Company of Canada (referred to as AIG, we, our, or us ) abide by these and want you, our applicants, policyholders, insureds, claimants, and any other individuals
HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,
INTRODUCTION This guidance is composed of a series of fact sheets that clarify how the HIPAA Privacy Rule applies to, and can be used to help structure the privacy policies behind, electronic health information
Final HIPAA/HITECH Omnibus Rule Makes Significant Changes for Health Plans and Their Business Associates After a very long wait, the Department of Health and Human Services ( HHS ) has issued a final HIPAA/HITECH
Privacy fact sheet 17 Australian Privacy Principles January 2014 From 12 March 2014, the Australian Privacy Principles (APPs) will replace the National Privacy Principles Information Privacy Principles
Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model
US-EU Safe Harbor Data Privacy Statement Revision 1.0 RAVSoft Solutions Inc. Page 1 INTRODUCTION Protecting the privacy of information is of foremost importance to RAVSoft Solutions Inc. As such, the organization
Credit Repair Organizations Act Title IV of the Consumer Credit Protection Act (Public Law 90-321, 82 Stat. 164) is amended to read as follows: TITLE IV--CREDIT REPAIR ORGANIZATIONS'' Sec. 401. Short title.
Online and Mobile Privacy Notice ( Privacy Notice ) Introduction This Privacy Notice applies to the operations of Cigna Global Health Benefits and its affiliated companies listed at the end of this Privacy
Aida S. Montano Bill Analysis Legislative Service Commission Sub. H.B. 9 * 126th General Assembly (As Reported by H. Civil and Commercial Law) Reps. Oelslager, Flowers, Buehrer, White, Trakas BILL SUMMARY
CODES COMPLAINTS EMPLOYEE CERTIFICATION FEDERAL LAWS NACSO GUIDELINES LOG OUT CHAPTER 2--CREDIT REPAIR ORGANIZATIONS SEC. 2451. REGULATION OF CREDIT REPAIR ORGANIZATIONS. Title IV of the Consumer Credit
1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that
FEDERAL TRADE COMMISSION BUREAU OF CONSUMER PROTECTION DIVISION OF FINANCIAL PRACTICES The Gramm-Leach-Bliley Act Privacy of Consumer Financial Information Subtitle A of Title V of the Gramm-Leach-Bliley
CONTENTS: SUMMARY SELF REGULATORY PRINCIPLES FOR ONLINE BEHAVIORAL ADVERTISING Introduction Definitions I. Education II. Transparency III. Consumer Control IV. Data Security V. Material Changes to Existing
PRIVACY AND CREDIT REPORTING POLICY 12 March 2014 CONTENTS What is personal information?...3 Information we may collect, use and disclose about you...4 Collection of sensitive information...6 How personal
Plunder Design Terms and Conditions (for website enrollement) E-SIGN, the Electronic Signatures in Global and National Commerce Act (15 U.S.C. 7001, et seq.), requires that you consent to entering into
Kaiser Foundation Health Plan of Colorado Kaiser Permanente Affiliate Link Provider Web Site Application FOR PROVIDERS CONTRACTED WITH KAISER IN THE COLORADO REGION ONLY Page 1 of 7 Kaiser Permanente Affiliate
CHAPTER 149 FORMERLY SENATE SUBSTITUTE NO. 1 FOR SENATE BILL NO. 79 AN ACT TO AMEND TITLE 14 OF THE DELAWARE CODE RELATING TO EDUCATIONAL DATA GOVERNANCE. BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE
Case :-cv-00-h-jma Document Filed 0// Page of 0 ERIC H. HOLDER, JR. Attorney General STEWART F. DELERY Assistant Attorney General Civil Division MAAME EWUSI-MENSAH FRIMPONG Deputy Assistant Attorney General
TOY INDUSTRY CHECKLIST FOR MOBILE APPS AND PROMOTIONS JULY 2012 Overview Members of the toy industry are fast embracing the world of mobile applications ( apps ). Apps offer a new world of engaging content
LB LB LEGISLATURE OF NEBRASKA ONE HUNDRED FOURTH LEGISLATURE SECOND SESSION LEGISLATIVE BILL Introduced by Morfeld,. Read first time January 0, Committee: Education A BILL FOR AN ACT relating to students;
SENATE STAFF ANALYSIS AND ECONOMIC IMPACT STATEMENT (This document is based on the provisions contained in the legislation as of the latest date listed below.) BILL: SB 2240 SPONSOR: SUBJECT: Senator Garcia