Introduction
The topic of privacy and data security is a new and evolving area of the law that deals with the protection of individuals' confidential information. A number of areas of law bear on data security and privacy, and a growing number of laws have been passed which, in part, deal with the protection of confidential information. Some of the better known acts include: HIPAA, which concerns the privacy of health care records; the Fair and Accurate Credit Transactions Act (FACTA), which concerns credit reporting information; the Children's Online Privacy Protection Act (COPPA), which deals with the online collection of personal information from children under 13 years of age; and the Gramm-Leach-Bliley Act, which requires financial institutions to safeguard customers' sensitive data. In general, the subject of data privacy is broad and is contemplated in a number of places in the law.
Perhaps one of the most publicized topics in privacy and data security in the current environment is the loss of customer information by companies. Open the Wall Street Journal or another paper and you will very possibly see an article about a business that has either lost, or had stolen, some element of what would be perceived as confidential information. For example, Sony Entertainment (loss of over 100 million customer credit card numbers), T.J. Maxx (45 million credit and debit card numbers stolen), CardSystems Data (loss of 40 million credit and debit card numbers), and AT&T (a security hole that exposed the email addresses of 100,000 iPad owners) are just a few of the data breaches that have occurred recently.
This research guide is intended to be used as a resource for the field of information and data security law. In particular, the guide focuses on state laws, and possible federal legislation, that deal with the identification of personally identifiable information (PII), the safeguards that must be taken to protect this information, notification of the proper agencies and authorities if there is a breach of this information, and the penalties associated with such breaches.
Further, this guide also contains resources pertaining to the field of Payment Card Industry (PCI) compliance. PCI is a data security standard created by the PCI Council, and it applies to all entities that accept electronic forms of payment, such as credit cards and debit cards, for transactions. Although not government imposed, PCI compliance requires adherence to standards for the handling, storing, and processing of these electronic forms of payment, and further imposes penalties if a merchant is found to be out of compliance.
About the Author
Ed Rinderle is a student at the Georgia State University School of Law and will be graduating in December 2011. Mr. Rinderle currently works in the Information Technology department of a large, privately held hospitality company based in Atlanta, Georgia. Being involved in the world of I.T. and working in a corporate environment have given Mr. Rinderle broad experience in dealing with business issues regarding PCI compliance and privacy and data security, the focus of this research guide. Mr. Rinderle holds an undergraduate degree in chemical engineering, received from Clemson University in 1996.
Disclaimer
Bibliographies on this Web site were prepared for educational purposes by law students as part of Nancy P. Johnson's Advanced Legal Research course. The Law Library does not guarantee the accuracy, completeness, or usefulness of any information provided. Thorough legal research requires a researcher to update materials from date of publication; please note the semester and year the bibliography was prepared.