Difference between revisions of "Privacy by the numbers"

From Simson Garfinkel
Jump to navigationJump to search
m
m
Line 4: Line 4:


$10,000 — The amount for a cash transaction under the Bank Secrecy Act of 1970 for which a bank must file a Currency Transaction Report (CTR).  
$10,000 — The amount for a cash transaction under the Bank Secrecy Act of 1970 for which a bank must file a Currency Transaction Report (CTR).  
$16,000 — The amount that a court may fine for each civil violation of the Children's Online Privacy Protection Act (COPPA).


$25,000 — The amount for any transaction under the Bank Secrecy Act where a bank must file a Suspicious Activity Report (SAR), even if the bank does not know the identity of the perpetrator.
$25,000 — The amount for any transaction under the Bank Secrecy Act where a bank must file a Suspicious Activity Report (SAR), even if the bank does not know the identity of the perpetrator.
10 days — How long an email operator has to honor a CAN-SPAM opt-out request.
30 days — How long an email operator must process a CAN-SPAM opt-out request after the mail message is sent.


45 days — How many days a school has to provide records under FERPA
45 days — How many days a school has to provide records under FERPA
Line 12: Line 18:


60 days — How many days does a covered entity have to notify a person of a breach of Protected Health Information?
60 days — How many days does a covered entity have to notify a person of a breach of Protected Health Information?
18 months — The duration of an existing business relation under the Telephone Consumer's Privacy Act. That is, businesses can call a consumer for this long after a transaction, even if the consumer's name is on the National Do Not Call List


1 year — How often the consumers may obtain 1 free credit report from each consumer reporting agency.
1 year — How often the consumers may obtain 1 free credit report from each consumer reporting agency.

Revision as of 03:56, 15 October 2016

$2500 — FCRA statutory maximum penalty for actual damages in the case of willful violations; courts may add punitive damages and attorney's fees.

$5000 — The amount for a cash transaction under the Bank Secrecy Act of 1970 for which a bank must file a Suspicious Activity Report (SAR)

$10,000 — The amount for a cash transaction under the Bank Secrecy Act of 1970 for which a bank must file a Currency Transaction Report (CTR).

$16,000 — The amount that a court may fine for each civil violation of the Children's Online Privacy Protection Act (COPPA).

$25,000 — The amount for any transaction under the Bank Secrecy Act where a bank must file a Suspicious Activity Report (SAR), even if the bank does not know the identity of the perpetrator.

10 days — How long an email operator has to honor a CAN-SPAM opt-out request.

30 days — How long an email operator must process a CAN-SPAM opt-out request after the mail message is sent.

45 days — How many days a school has to provide records under FERPA

60 days — How many days a consumer reporting agency has to provide records under FCRA

60 days — How many days does a covered entity have to notify a person of a breach of Protected Health Information?

18 months — The duration of an existing business relation under the Telephone Consumer's Privacy Act. That is, businesses can call a consumer for this long after a transaction, even if the consumer's name is on the National Do Not Call List

1 year — How often the consumers may obtain 1 free credit report from each consumer reporting agency.

13 years — Under what age are people protected by the Children's Online Privacy Protection Act?

500 people — If a breach of Protected Health Information affects more than this number of people, the Secretary of HSS and prominent media outlets serving the state or jurisdiction must be notified.


Years

1970 — Fair Credit Reporting Act (FCRA)

1986 — Electronic Communications Privacy Act (ECPA)

1994 — Communications Assistance for Law Enforcement Act (CALEA)

1996 — Health Insurance Portability and Accountability Act (HIPAA)

1998 — Children's Online Privacy Protection Act (COPPA)

1999 — Gramm-Leach-Bliley Act (GLBA), also the Financial Services Modernization Act

2003 — Telephone Consumer Protection Act

2003 — Fair and Accurate Credit Transactions Act ("FACTA"), implemented the Disposal Rule (to properly dispose of paper and electronics containing consumer reports) and the Red Flags Rule (to identity patterns of indicative of identity theft).

200x — Health Information Technology for Economic and Clinical Health ("HITECH") Act, extends HIPAA Security Rule to business associates

— Dodd-Frank Wall Street Reform and Consumer Protection Act