Introduction to U.S. Law
I. Introduction to the U.S. Privacy Environment
A. Structure of U.S. Law: branches of government, sources of law, legal definitions, regulatory authorities, understanding laws
a. Branches of government
b. Sources of law
i. Constitutions
ii. Legislation
iii. Regulations and rules
iv. Case law
v. Common law
vi. Contract law
c. Legal definitions
i. Jurisdiction
ii. Person
iii. Preemption
iv. Private right of action
d. Regulatory authorities
i. Federal Trade Commission (FTC)
ii. Federal Communications Commission (FCC)
iii. Department of Commerce (DoC)
iv. Department of Health and Human Services (HHS)
v. Banking regulators
1. Federal Reserve Board
2. Comptroller of the Currency
vi. State attorneys general
vii. Self-regulatory programs and trust marks
e. Understanding laws
i. Scope and application
ii. Analyzing a law
iii. Determining jurisdiction
iv. Preemption
B. Enforcement of U.S. Privacy and Security Laws: criminal versus civil liability, general theories of legal liability
a. Criminal versus civil liability
b. General theories of legal liability
i. Contract
ii. Tort
iii. Civil enforcement
c. Negligence
d. Unfair and deceptive trade practices (UDTP)
e. Federal enforcement actions
f. State enforcement (Attorneys General (AGs), etc.)
g. Cross-border enforcement issues (Global Privacy Enforcement Network (GPEN))
h. Self-regulatory enforcement (PCI, Trust Marks)
C. Information Management from a U.S. Perspective
a. Data sharing and transfers
i. Data inventory
ii. Data classification
iii. Data flow mapping
b. Privacy program development
c. Managing User Preferences
d. Incident response programs
i. Cyber threats (e.g. ransomware)
e. Workforce Training
f. Accountability
g. Data retention and disposal (FACTA)
h. Online Privacy
i. Privacy notices
j. Vendor management
i. Vendor incidents
ii. Cloud issues
k. International data transfers
i. U.S. Safe Harbor and Privacy Shield
ii. Binding Corporate Rules (BCRs)
iii. Standard Contractual Clauses
iv. Other approved transfer mechanisms
l. Other key considerations for U.S.-based global multinational companies
i. GDPR requirements
ii. APEC privacy framework
m. Resolving multinational compliance conflicts
i. EU data protection versus e-discovery