Information Technology Acts: Laws Protecting Privacy & Information

Important Laws Impacting Information Technology

The rapid growth of the internet presents a variety of benefits including faster and cheaper communication. This technology has also presented many ethical challenges such as maintaining privacy and security of information. In order to balance these interests a variety of laws have been created that try to utilize this technology and protect users.

Beginning in the late 1960’s and early 1970’s advancements in electronic communications between merchants, credit agencies, and banks allowed information and money to be accessed quickly and efficiently (Crede, 2002). For example, debit card transactions were made almost immediately at the point of sale and banks and merchants could begin checking credit reports to determine loans. This advancement in electronic communications created several ethical problems that necessitated the creation of laws.

During this time, credit reports could be accessed with relative ease and there was little protection for the consumer. As a result, consumers were vulnerable to having personal financial information accessed without their permission. Banks or creditors could access individual credit reports and terminate dealings without giving consumers a reason (Affordable Educators, 2013). Personal information could also lead to identity theft in which loans or credit cards were taken out in other people’s names.

The Fair Credit Reporting Act of 1970

The Fair Credit Reporting Act of 1970 was created to solve these ethical issues with credit reporting. The Act created consumer rights concerning credit and personal information. Credit reporting agencies were now required to abide by specific rules that governed: allowable purposes for generating a consumer report; allowable information in reports, and the right for consumers to disallow unauthorized reports (Affordable Educators, 2013). Most importantly, the Act made credit reporting agencies responsible for verifying the identity and authorization for reports being generated. As a result, consumers were no longer at the mercy of creditors and people seeking to steal information.

Similar to the reasons for the Fair Credit Reporting Act, advances in electronic communications made the transferring of money fast and efficient for both consumers and companies. But as a result of this advancement in communications, consumers were now prone to electronic fraud. As a result of this situation, The Electronic Fund Transfer Act of 1978 was created.

The Electronic Fund Transfer Act of 1978

Before the Electronic Fund Transfer Act of 1978, the rights of the electronic fund transfer users were undefined and ambiguous (Affordable Educators, 2013). If a person had money stolen via a stolen debit or credit card, the banks were not obligated to cover these unauthorized transactions. The Act created specific regulations concerning electronic transfers. As a result, Consumers were now given rights and protections under the law. These rights and protections included: limits on the amount of unauthorized transfers a consumer may be held liable for and guidelines for how unauthorized transfer disputes and credit fraud needed to be handled (Affordable Educators, 2013).

Both the Fair Credit Reporting Act of 1970 and the Electronic Fund Transfer Act of 1978 would provide consumers with more rights and better protections created by advancements in electronic communications. By placing a level of responsibility on banks, merchants, and credit reporting agencies many ethical issues concerning the electronic transmission of data and transfer of money were resolved. The laws have continued to provide this protection since their inception but due to the date of inception have required expansion and additional laws to continue protecting data and people.

Two laws which directly impact the usage of the internet and other communications platforms include the Health Insurance Portability and Accountability Act (HIPAA) and the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (Patriot).

The Health Insurance Portability and Accountability Act (HIPAA)

In 1996, the U.S. Congress passed HIPAA into law. HIPAA serves two important purposes with regard to communication. One aspect of the law is that it serves to protect individual privacy and stop the leakage of a person’s health information. HIPAA’s second function is to allow for the creation of a simplified network for transferring health care information between providers (Department of Health and Human Services, 2011). The law was created with the idea of taking advantage of advancements in electronic communications while also providing protection for healthcare information.

HIPAA increases the speed in which records are transferred by allowing healthcare networks to exchange client information without written consent. The networks must however, provide written notice to the individual concerning the intended exchange of information. The law allows physicians to share client information with other physicians within the same organization (Department of Health and Human Services, 2011). This makes information more accessible.

HIPPA provides guidelines for how healthcare information is transmitted electronically. The law allows for more efficient access of information between doctors and healthcare networks but also compels the healthcare agents to communicate any sharing of information with the patient. This law was specifically designed to control the flow of healthcare information across communications platforms such as email and faxing.

Patriot

In contrast to laws such as HIPAA, there have been some laws which seem to work against protecting information and privacy. In October 2001, the United States government enacted the USA PATRIOT Act in the aftermath of 9/11. The PATRIOT Act increased the search and surveillance authority of the Federal Bureau of Investigation (FBI) and other law-enforcement agencies. The law also, “lowered the standard for judicial approval of wiretapping when terrorist activity was at issue” (Patterson, 2009 pg. 112). The PATRIOT Act allowed the FBI to inspect business, library, financial, student, and medical records.

This increase in authority undermined the protections of many laws such as HIPAA. The cornerstone of thought behind the Patriot Act was that terrorists were using electronic communications to carry-out and facilitate their activities and by allowing law enforcement these powers it would reduce the risk of terrorism.

The Patriot Act has been extremely controversial and from 2001 to 2006 it came under fire from many different groups proclaiming it to be unconstitutional. In 2006 the Act was renewed but with some of its provisions altered in order to try and satisfy those who felt it was an attack on privacy and freedom. These provisions included:

1 — Recipients of court-approved subpoenas for information in terrorism investigations now have the right to challenge a requirement that they refrain from telling anyone. However, recipients must wait a year before challenging the gag order.
2 — The second change concerns recipients of a so-called National Security Letter, which is an administrative subpoena issued by the FBI demanding records. Recipients will no longer be required to tell the FBI the name of any attorney consulted about the letter.
3 — Most libraries — those that act in traditional roles, such as lending books and providing Internet access — will not be subject to National Security Letters demanding information about suspected terrorists. However, libraries that act as an Internet Service Provider will still be subject to National Security Letters (Abramson & Godoy, 2006).

While the changes in the Patriot Act did not satisfy all opponents it did allow for the renewal of the law. The nature of electronic information and the rapid growth of electronic communications have created many issues for the legal system. Laws that date back to the 1950’s and 1960’s were now in need of updates in order to balance personal freedom with security. For this reason, laws like HIPAA were made and laws like the Patriot Act must be scrutinized and restructured.

References

Abramson, L., & Godoy, M. (2006, February 14). The patriot act: Key controversies. Retrieved from http://www.npr.org/news/specials/patriotact/patriotactprovisions.html

Affordable Educators. (2013). Agents & identity theft online study book. Retrieved from Agents & Identity Theft Online Study Book

Crede, A. (2002). Electronic commerce and the banking industry: The requirement and opportunities for new payment systems using the internet. Journal of Computer-Mediated Communication’s, 1(3)

Department of Health and Human Services (2011) Understanding Health Information Privacy Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html

Patterson, T. E. (2009). The American democracy (9th ed.). New York, NY: McGraw-Hill.

Photo by Tetiana SHYSHKINA on Unsplash