Last reviewed August 2009
Resources on Minnesota Issues
Electronic Privacy
This guide is compiled by staff at the Minnesota Legislative Reference
Library on a topic of interest to Minnesota legislators. It is designed
to provide an introduction to the topic, directing the user to a variety
of sources, and is not intended to be exhaustive. In particular, it
is focused on items available in the Legislative Reference Library.
Personal privacy and data control issues continue to draw the
general public's attention. Sophisticated electronic technology is available
to both government and the private sector to streamline the collection and
sharing of data on individuals. The use of cookies and other tracking
software provides data to create customized services, but it may be information
users don't want others to have - or at least don't want shared. "Identity
theft", the ultimate privacy invasion, is also a continuing concern.
Privacy advocates feel consumers should have the opportunity to choose
how (or whether) their personal information is used by the businesses
and government agencies with whom they have direct contact - or by third
parties. A key element of the privacy debate is whether to mandate language
requiring consumers to 'opt in' vs. 'opt out'. Under 'opt in' regulations,
businesses must provide consumers with a written notice stating their
intent to share personal information. That information cannot be shared
unless the consumer provides a written consent allowing its use. In
an 'opt out' situation, the consumer must pro-actively ask not to have
their personal information shared.
In Minnesota, legislation relating
to telecommunications, financial institutions' sharing of customer data,
medical records privacy, government records, and telemarketing has been
introduced in the last several years:
State policy makers face the fundamental question of how to strike a
balance between the free flow of public information and the protection
of personal information. "Any bill that attempts to protect consumer
privacy may be challenged as a violation of the Commerce Clause in the
U.S. Constitution" Stateline Midwest (July 2000). While state
legislatures are giving careful consideration to these complex privacy
issues, many believe decisions on privacy should be handled by the
Federal Government.
LEGISLATIVE HISTORY:
Minnesota Government Data Practices -
Minnesota Statutes, Chapters
13, 13A, 13B, 13C (See Laws of Minnesota 1979, Chapter 328, Section
1, Laws of Minnesota 1974, Chapter 479 and Privacy of Communications Act: Laws of Minnesota 1969, Chapter 953.)
SIGNIFICANT BOOKS AND REPORTS:
Commercial Data Mining of Criminal Justice System Records / Delivery Team Report to the Criminal and Juvenile Justice Information Task Force. St. Paul: Criminal and Juvenile Justice Information Task Force, 2008 (JK6149.R4 C66 2008)
Data Practices: Analyze, Classify and Respond. St. Paul: League of Minnesota Cities Research Foundation, 2007 (KFM5862.6.A25 D38 2007)
Greenberg, Pam. States and Internet Privacy. Denver, CO: National Conference of State Legislatures, 2004. (KF1263 .C65 G74 2004)
Guarding your Privacy: Tips to Prevent Identity Theft. St. Paul: Minnesota Attorney General,
2007. (HV6679 .G83 2007)
Identity Theft: Prevalence and Cost Appear to be Growing. Washington, D.C.: United States General Accounting Office, March 2002. (KFM5908.C7 I53 2002)
McKnight, Deborah K. Minnesota Government Data Practices Act: A Data Privacy Overview. St. Paul: Research Dept., Minnesota House of Representatives, 2005. (KFM5862.6.A25 M35 2005)
Lackey, Cindy J. State Official's Guide to Internet Privacy. Lexington, KY: Council of State Governments, 2002. (KF1263.C65 L33 2002)
Notturno, Mark Amadeus, editor. Privacy and Privacy Rights. Parkersburg, WV : The Interactivity Foundation Press, 2005. (JC596.2.U5 P74 2005)
O'Harrow, Robert, Jr. No Place to Hide. New York, NY: Free Press, 2005.
A Report on Genetic Information and How it is Currently Treated Under Minnesota Law. St. Paul: Minnesota Dept. of Administration, 2006. (KFM5862.5.P8 R47 2006)
The Right to Privacy: Protecting Sensitive Personal Information from Commercial
Interests in the 21st Century. St. Paul: Minnesota Attorney General, 2000.
(KF1262.Z9 R54 2000)
Smith, Robert Ellis. Ben Franklin's Website: Privacy and Curiosity
from Plymouth Rock to the Internet. Providence, RI: Privacy Journal,
2000. (JC596.2.U5 S646 2000)
Smith, Robert Ellis. Compilation of State and Federal Privacy Laws.
Providence, RI: Privacy Journal, 1997. (REF KF1262.A29 C66) Library has 2002 edition with 2008 supplement.
Solove, Daniel J. The Digital Person: Technology and Privacy in the Information
Age. New York City, NY: New York University Press, 2004. (KF1263 .C65 S688 2004)
SIGNIFICANT ARTICLES:
Adams, Rebecca. "Data Drip." CQ Weekly, July 10, 2006, p. 1846-1853.
Adams, Rebecca. "Progress vs. Privacy: A Project to Gather and Study Americans' DNA
Over Many Years Has Privacy Advocates Questioning if the Government
Can Keep the Database Out of Public View". CQ Weekly, May 26, 2008,
p. 1404 - 1412
Colburn, Joshua L. ""Don't Read This If It's Not for You": The Legal Inadequacies of Modern Approaches to email Privacy." Minnesota Law Review, Vol. 91, No. 1, November 2006, p. 241-264.
Donohue, Laura K. "Anglo-American Privacy and Surveillance." The Journal of Criminal Law and Criminology, Vol. 96, No. 3, Spring 2006, p. 1059-1208.
"The Future of Privacy." Scientific American - Special Issue,
September 2008, Volume 299, Number 3, entire issue.
Harris, Blake. "Hung
Jury: State Courts Struggle to Find Balance between Electronic Access and Privacy
Rights." Government Technology, April 2003, p. 36, 38.
Marshall, Patrick. "Online Privacy: Do Americans Need Better Priotection?" CQ Reseacher, Vol. 19, No. 39, November 6, 2009, entire issue.
McCreary, Lew. "What Was Privacy? Privacy As We Knew It Is Virtually Gone. Why Should You Care? What Should Your Business Do About It?". Harvard Business Review, October 2008, p. 123-131.
McKay, Jim. "Big
Brother: Is He Watching You? Super Computer Systems that Track our Everyday Transactions
have Many on Edge". Government Technology, April 2003, p. 19-20, 22, 24.
Opsahl, Andy. "Dangerous Convenience: Personal Information Contained in Public Documents Raises Questions About Whether Those Documents Should Appear Online".
Government Technology, July 2008, p. 22 - 27.
Perlman, Ellen. "eHealth Confidential: Can Health Information Exchange Systems Keep Snoops Out of Patients' Online Records?". Governing, Sept 2007, p.
63 - 66.
Roberds, William and Schreft, Stacey L. "Data Security, Privacy, and Identity Theft: The Economics Behind the Policy Debates". Federal Reserve Bank of Chicago - Economic Perspectives, First Quarter 2009, p. 22-30.
Weissman, Gary A. and Gemberling, Donald A. "Access to Court Records in Minnesota". Bench and Bar, Apr 2008, p. 29 – 31.
SIGNIFICANT INTERNET RESOURCES:
Center for Democracy and Technology
-- A not-for-profit public-interest group, working to promote new
forms of Net-centered governance for privacy that will serve as models
for governance on the Internet.
Electronic Frontier Foundation
-- A member supported organization protecting rights and promoting
freedom in cyberspace.
Federal Trade Commission (FTC) Privacy and Security
-- See also their ID Theft, Privacy, & Security page.
Minnesota Attorney General's Office -- The office "fights
for stronger privacy protection on three main fronts- law enforcement,
legislative advocacy, and public education." See their website on Protecting
your Privacy.
Online Privacy Alliance
-- Membership of corporations and associations promoting business-wide
actions that foster the protection of individual's privacy online.
Privacy & Security - Telecommunications and Information Technology -- A National Conference of State Legislatures website with links to state laws, task forces, and policies.
Privacy Journal
-- The online companion to the monthly newsletter by the same name published by
Robert Ellis Smith.
Privacy Rights Clearinghouse
-- A nonprofit consumer information and advocacy group that offers
consumers in-depth information on a variety of privacy issues, including
useful fact sheets.
Privacy.org -- A site for
news, information and action from Electronic
Privacy Information Center (EPIC), a public interest research
center in Washington, D.C..
TRUSTe -- An Internet privacy
seal program operating independently from government and industry.
Provides Web businesses with a mechanism for self-regulation.
U.S. Department Health and Human Services - Office for Civil Rights - HIPAA -- Health Insurance Portability and Accountability Act and medical privacy.
ADDITIONAL LIBRARY RESOURCES:
Check the following codes in the Newspaper Clipping File and the
Vertical File: P150 (Privacy), R40 (Records & Record Management),
M7 (Mailing Lists)
For additional articles, check the following Inside Issues headings:
Privacy
For additional reports at the Legislative Reference Library, use these
Library catalog searches:
Data Protection;
Identity Theft;
Electronic Privacy.
FEDERAL LEGISLATION HIGHLIGHTS:
1966 - The Freedom of Information Act (5 U.S.C. § 552) -- Gives
any person the right to request access to federal agency records or
information.
1970 - Fair Credit Reporting Act (15 U.S.C. §§ 1681 et seq.)
-- Governs certain kinds of financial and other personal information
included within the definition of a "consumer report."
1974 - The Privacy Act (5 U.S.C. § 552a) -- Establishes certain
controls over what personal information is collected by the federal
government and how it is used. The act guarantees three primary rights:
(1) the right to see records about oneself, subject to the Privacy
Act's exemptions; (2) the right to amend that record if it is inaccurate,
irrelevant, untimely, or incomplete; and (3) the right to sue the
government for violations of the statute, including permitting others
to see your records, unless specifically permitted by the act.
1986 - Electronic Communications Privacy Act (18 U.S.C. § 2511,
aka Wiretap Act) -- Extends the coverage of Title III to new forms
of voice, data and video communications including cellular phones,
electronic mail, computer transmissions, and voice and display pagers.
1994 - Drivers Privacy Protection Act (18 U.S.C. § 2721)
-- Creates a baseline standard of privacy protection for state DMV records.
1996 - Health Insurance Portability and Accountability Act
(Public Law 104-191) -- Creates new restrictions on electronic health care
data.
1998 - Identity Theft and Assumption Deterrence Act (18 U.S.C.
Chapter 47) -- Prohibits knowingly transferring or using, without lawful
authority, a means of identification of another person with the intent
to commit, or to aid or abet, any unlawful activity that constitutes
a violation of Federal law, or that constitutes a felony under any
applicable State or local law.
1998 - Children's Online Privacy Protection Act (15 U.S.C.
§ 6501) -- Commercial websites designed for children must now obtain
"verifiable parental consent" before collecting, using,
or disclosing personal information from all children under 13.
1999 - Gramm, Leach, Bliley Financial Services Modernization
Act (15 U.S.C. Chapter 94) -- Requires all financial services firms
to provide annual notices about their data-use policies to all their
customers, and also to provide mechanisms for customers to "opt
out" - to decide that they no longer want information about them
to be used in certain ways.
2002 - USA Patriot Act (Public Law No: 107-56) -- Updated surveillance laws to reflect the digital world and expands surveillance powers of law enforcement and intelligence gathering agencies. Many provisions in the act were set to expire in 2005. The USA Patriot Act was reauthorized by the USA PATRIOT and Terrorism Prevention Reauthorization Act of 2005 (Public Law No: 109-177) and USA PATRIOT Act Additional Reauthorizing Amendments Act of 2006 (Public Law No: 109-178).
GROUPS INVOLVED WITH THIS ISSUE: