Last month, The Sedona Conference released the public comment version of The Sedona Conference Data Privacy Primer, a comprehensive catalog of U.S. data privacy issues, legislation, and resources, designed to provide “immediate and practical benefit” to organizations and practitioners dealing with privacy issues. The Primer is a work product of The Sedona Conference Working Group Eleven on Data Security and Privacy Liability (WG11). The Primer is open for public comment until April 16, 2017.
A quick read through the Primer makes clear that this publication will become a practical reference book for any attorney seeking to understand basic privacy issues in the United States. At over 100 pages, the Primer is organized much like a treatise, with chapters devoted to the basic data privacy concepts, federal and state government privacy protection, general consumer protection, protection of health and financial information, and workplace and student privacy.
With the United States having a multitude of national, local, and industry-specific privacy statutes and regulations, it can be a challenge to identify all the issues and applicable laws that might apply to a particular legal situation. The Primer conveniently gathers everything in one place and includes discussion of the protections provided by all major federal laws, including the Federal Trade Commission (FTC) Act, Children’s Online Privacy Protection Act (COPPA), Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM), Telemarketing and Consumer Fraud and Abuse Prevention Act (Telemarketing Act), Communications Act of 1934, Telephone Consumer Protection Act of 1991, Health Insurance Portability and Accountability Act of 1996 (HIPAA) and The Health Information Technology for Economic and Clinical Health Act (HITECH), The Gramm–Leach–Bliley Act (GLBA), The Fair Credit Reporting Act (FCRA), The Right to Financial Privacy Act of 1978 (RFPA), Family Educational Rights and Privacy Act, Protection of Pupil Rights Amendment, as well as a variety of state laws, proposed legislation, and best practices for approaching various data privacy issues.
Employers will find helpful the discussion of Workplace Privacy, in which the Primer touches upon use of company equipment and email, bring your own device (BYOD) policies, and social media privacy issues. Educational institutions will benefit from the discussion of Student Privacy, which covers FERPA, COPPA, consent requirements and exceptions, right of access, parental rights, and proposed legislation.
The Primer also includes “Side Bar” discussions for each section with practice pointers and best practices related to each area that could help increase compliance with privacy laws and mitigate risk. Most importantly, the Primer points out the interplay among different laws as they might bear on a particular situation, thereby minimizing the risk that some relevant considerations might be overlooked when an organization makes a decision on how to discharge its privacy obligations.