States are prevented by federal law from passing any laws that regulate financial privacy.
The superior government has the right to supersede the lesser government’s laws. The lesser government cannot pass a law that is inconsistent with the superior government’s law.
State laws supersede federal law in certain areas such as marketing.
The EU General Data Protection Regulation (GDPR) takes precedence over U.S. law, federal or state.
To announce the amount of civil penalties the FTC levies
To prove that companies have complied with FTC rulings
To punish companies that violate FTC rulings
To provide guidance about what practices the FTC finds inappropriate
Binding corporate rules
U.S. laws generally do not restrict geographic transfers of personal information.
U.S. data exporters are not liable for any inappropriate uses of the personal information.
U.S. data exports are immune from legal enforcement if handled by service providers.
U.S. laws have "reciprocity" arrangements with most national data protection laws.
Statutes enacted by legislative bodies.
statutes enacted by legislative bodies.
Laws guaranteed by the Constitution of the United States of America.
Regulations that are promulgated by state and federal agencies.
Convert personal data from opt-out to opt-in
Have a Standard Model Clause in place
Assure appropriate privacy terms and conditions are included in a contract with the third party
Perform a test of the vendor's disaster recovery / business contingency plan
Securities and Exchange Commission
Consumer Financial Protection Bureau
Department of Justice
Federal Trade Commission
Email a consent form. The parent can provide consent by responding to the email.
Email a consent form. The parent can provide consent by signing and mailing back the form.
Request in an email that the parent consent by reply email and also provide email, phonenumber, or fax.
Email a consent form to the parent allowing 30 days to object to the data disclosure.
Library records released by a municipal body
Driving history obtained from an information aggregator
Academic records obtained from an accredited university
Purchase transactions obtained from an online retailer
Financial institutions can share customer information with non-affiliated third-party companieswithout obtaining an opt-in from the customer.
GLBA privacy rules are overseen by many regulatory organizations such as the Department of Commerce.
GLBA retains the legislative power to preempt any financial services laws as currently enforced by U.S. states.
U.S.-based financial institutions may not share any information with companies that are affiliated with financial institutions.
They must develop and implement methods of detecting identity theft.
They must identify who might be a poor credit risk for new mortgages, such as sub-primelending.
They must determine whether their corporate databases have been breached and reactaccording to data breach regulations.
They must locate unencrypted transmissions of their customer's financial data.
Electronic Communications Privacy Act
Stored Communications Act
U.S. Communications Assistance to Law Enforcement Act
The customer authorizes access.
There is a qualified search warrant.
There is an appropriate judicial subpoena.
The financial records are reasonably described.
NSL recipients must fulfill the request, even if compliance is oppressive.
New restrictions reduced the number of NSLs issued.
Issuance of an NSL requires judicial authorization.
An organization receiving an NSL may disclose the request to an attorney for legal assistance.
Access to store emails
Pen register order
traditional search warrant
Specificity of the request
Whether the information originated in the U.S.
Whether counsel for both parties are based in the U.S.
Availability of alternative means of acquiring the information
Express authorization of foreign intelligence wiretaps
Legal authorization of some new surveillance practices
A series of checks and balances on the president and attorney general
Access to stored communication records without judicial authorization
Provide notice to applicant after taking adverse action and provide the applicant with a method to appeal the decision
Obtain data only from a qualified credit reporting agency and certify that the agency has administrative, technical and physical safeguards in place
Certify to the credit reporting agency that the employer has a permissible purpose and providea written consent from the employer
Obtain applicant's written consent and provide applicant with a copy of the credit report before taking an adverse action
Test marketing the company's new products
Determining legal standing or citizen status
Group insurance underwriting
Questions about the applicant's duration of stay on the job or any anticipated absences
Questions regarding any medical conditions or disabilities that would inhibit the performanceof the job function
Questions on whether an applicant has applied for or received worker's compensation
Questions about the applicant's height or weight as this relates to a specific job function
Internet access and usage
Badge cards and ID readers
Removing the employee's access rights to sensitive personal information before escorting theemployee from the premises
Reminding the employee of a non-disclosure agreement signed at the time of employment
Demanding that the employee not remove paper and electronic files, and only remove personal effects under direct observation
Here's an interesting quiz for you.