Privacy by the numbers

From Simson Garfinkel
Revision as of 18:47, 22 October 2016 by Simson (talk | contribs)

$2,500 — The civil penalty per violation that the FCRA authorizes the FTC to seek for knowing violations (15 U.S.C. § 1681s(a)(2)); the FTC adjusts this figure for inflation. In a private suit for a willful violation, statutory damages to the consumer are $100 to $1,000 per violation, and the court may add punitive damages and attorney's fees (15 U.S.C. § 1681n).

$5,000 — The threshold under the Bank Secrecy Act regulations (31 CFR 1020.320) at which a bank must file a Suspicious Activity Report (SAR) for a transaction, or aggregate of transactions, that it knows, suspects, or has reason to suspect involves illegal activity, provided it can identify a suspect. It need not be a cash transaction, and insider abuse must be reported regardless of amount.

$10,000 — The amount above which a bank must file a Currency Transaction Report (CTR) under the Bank Secrecy Act: cash deposits, withdrawals, exchanges, or other payments that aggregate to more than $10,000 in one business day (31 CFR 1010.311).

$16,000 — The civil penalty a court may impose for each violation of the Children's Online Privacy Protection Act (COPPA), as the figure stood when this list was written; the FTC periodically adjusts it for inflation.

$25,000 — The amount at or above which a bank must file a Suspicious Activity Report (SAR) under the Bank Secrecy Act for a suspicious transaction even if it cannot identify a suspect.

10 business days — How long a sender has to honor a CAN-SPAM opt-out request once it is received.

30 days — How long after a commercial message is sent its opt-out mechanism must remain able to receive and process requests under CAN-SPAM.

45 days — How many days a school has to provide a student's education records after a request under FERPA.

60 days — How long, after receiving an adverse-action notice based on a consumer report, a consumer has to request a free copy of that report from the consumer reporting agency under FCRA (15 U.S.C. § 1681j(b)).

60 days — The maximum number of calendar days after discovering a breach of Protected Health Information that a HIPAA covered entity has to notify the affected individuals; notice must go out without unreasonable delay, and 60 days is the outer limit.

18 months — The duration of an established business relationship under the federal telemarketing rules (the FCC rules implementing the Telephone Consumer Protection Act and the FTC's Telemarketing Sales Rule). A business may call a consumer for this long after the consumer's last purchase, delivery, or payment even if the consumer's number is on the National Do Not Call Registry, and for 3 months after an inquiry or application.

1 year — How often a consumer may obtain a free credit report from each of the nationwide consumer reporting agencies (once every 12 months, a right added by FACTA).

13 years — Children under this age are protected by the Children's Online Privacy Protection Act (COPPA).

10 people — The number of persons regularly employed in automated processing of personal data at a company in Germany that triggers the requirement to appoint a data protection officer (§ 4f of the Federal Data Protection Act, BDSG, as in force in 2016).

500 people — If a breach of Protected Health Information affects more than 500 individuals, the covered entity must notify the Secretary of HHS within 60 days of discovery (smaller breaches are logged and reported to HHS annually); if it affects more than 500 residents of a state or jurisdiction, prominent media outlets serving that state or jurisdiction must also be notified.

10,000 people — The number of people in a database in Israel that triggers mandatory registration of the database with the Registrar of Databases under the country's Protection of Privacy Law.


Years

1970 — Fair Credit Reporting Act (FCRA)

1980 — Privacy Protection Act, which protects journalists and newsrooms from government searches and seizures of their work product and documentary materials.

1986 — Electronic Communications Privacy Act (ECPA)

1994 — Communications Assistance for Law Enforcement Act (CALEA)

1996 — Health Insurance Portability and Accountability Act (HIPAA)

1998 — Children's Online Privacy Protection Act (COPPA)

1999 — Gramm-Leach-Bliley Act (GLBA), also the Financial Services Modernization Act

2003 — Do-Not-Call Implementation Act, which established the National Do Not Call Registry; the underlying Telephone Consumer Protection Act (TCPA) dates from 1991.

2003 — Fair and Accurate Credit Transactions Act ("FACTA"), which added the free annual credit report, the Disposal Rule (requiring proper disposal of paper and electronic media containing consumer report information), and the Red Flags Rule (requiring programs to identify patterns indicative of identity theft).

2009 — Health Information Technology for Economic and Clinical Health ("HITECH") Act, which extends the HIPAA Security Rule directly to business associates and added the breach notification requirements.

2010 — Dodd-Frank Wall Street Reform and Consumer Protection Act

2013 — California Online Privacy Protection Act (CalOPPA), originally enacted in 2003, amended (AB 370) so that the privacy policy every commercial website or online service collecting personally identifiable information from Californians must post also discloses how the operator responds to Do Not Track signals and whether third parties may collect personal information across sites.