Additional Internet Privacy Notes
______________________________________________________________
Fair information policies should recognize and balance two opposing social values: the need for a free flow of information in our political and economic systems and the need for personal privacy.
______________________________________________________________
Sectoral Approach: Individual privacy safeguards are found in a patchwork of federal and state statutes targeted at regulating the use of specific types of information (e.g., medical records) or particular classes of information users (e.g., government agencies).
______________________________________________________________
Market approach is premised on the notion that there will be greater consumer demand for privacy-enhancing products and policies. Privacy would become a market commodity, and a competitive market for privacy protection would develop. The market itself would then protect privacy on a sectoral basis without the need for government intervention.
______________________________________________________________
Single Regulatory Agency would have the power to quickly change practices through rulemaking and adjudication. It also would reflect an overarching and proactive approach. However, the one-size-fits-all approach might not serve all the different concerns raised in separate areas of privacy. The NII committee also concluded that creating an expensive new bureaucracy would face considerable opposition.
______________________________________________________________
Electronic Communications Privacy Act is the only federal act that specifically addresses interception of e-mail. The law makes it a federal crime to intentionally or willfully intercept, access, disclose or use another’s wire, oral or electronic communications. E-mail falls into that category.
Civil damages include actual damages suffered and any profits made by the violator, or statutory damages (the greater of $100 a day for each day of violation or $10,000). It is also possible to get attorney's fees, costs and equitable relief.
Criminal penalties can be up to five years imprisonment and fines up to $5,000.
The ECPA forbids intercepting other people's private e-mail, but it has exceptions. For example, an on-line provider can look at your e-mail if it suspects you are trying to harm the system, harm another person, or commit an illegal act.
The ECPA does not establish a right to privacy of e-mail communications in the workplace. Under its Employer Provider Exception, an employer can justify interceptions made in the ordinary course of business and that either (1) were necessary to the rendition of the service or (2) were necessary to protect its rights or property.
So a company can use trade secrets, confidential information, or system maintenance as excuses for the interception. The employer also can argue that monitoring is needed for quality control checks.
ECPA also states that the "provider of electronic communication service or remote computing service may disclose a record or other information pertaining to a subscriber or customer of such service . . . to any person other than a governmental entity." When such information is sought by a governmental entity, the information may only be disclosed if the governmental entity has obtained a warrant, court order or the consent of the subscriber.
______________________________________________________________
Michael A. Smyth v. Pillsbury Co., 914 F. Supp. 97 (E.D. Pa. 1996):
The court held that no reasonable expectation of privacy existed in e-mail voluntarily made to one's supervisor, even though Smyth claimed that the company had stated e-mail was private. Smyth also lost any reasonable expectation of privacy once he sent the "unprofessional comments" to a second person over an e-mail system used by the entire company. The court also said the company's interest in preventing inappropriate or unprofessional comments and even illegal activity over its e-mail outweighed any privacy interest of the employee.
______________________________________________________________
Excerpts from OSU's Policy on Use of Electronic Mail (July 1997):
"E-mail messages shall be delivered to the addressees and not censored or interfered with in any way by the University.
"Individually addressed e-mail communications may not be intercepted by any third party except as noted below. This does not prevent persons who have legitimately received electronic mail messages from forwarding such messages on to third parties.
"Users of the University's e-mail services are required at all times to observe all laws relating to copyright, trademark, and trade secrets protection.
"Account holders may not use encrypting programs when engaging in e-mail communications except as specifically authorized in advance in writing by CIS.
"Under certain circumstances the OSU Postmaster(s) alternate(s), or the Assistant Director, Technical Services, CIS, may, in the course of his or her professional duties, access an individual's e-mail for legitimate management or maintenance purposes."
_____________________________________________________________
The Children's Online Privacy Protection Act prohibits Web sites or online services from collecting personal information about children without parental consent. Under the statute, a child's participation in a game, the offering of a prize, or another activity cannot be conditioned upon the child disclosing more personal information than is reasonably necessary to participate in such activity.
Return to Media Law Home Page