Digital Privacy from Kindergarten to the Grave
In late February, the White House released a discussion draft of the Consumer Privacy Bill Of Rights Act of 2015, otherwise known as the Privacy Act.
The stated purpose of the bill is to establish “baseline protections for individual privacy in the commercial arena and to foster timely, flexible implementations of these protections through enforceable codes of conduct.”
The Act would protect “personal data,” defined to include:
- a person’s name
- postal or email address
- telephone and/or fax number
- a Social Security number, tax ID, passport number, driver’s license number, or any other government-issued ID number
- biometric indicators, such as fingerprints and voice prints
This latest legislative initiative is just one of a patchwork of state and federal laws intended to protect consumer privacy.
Although privacy laws have existed for some time, and privacy policies are now standard features on websites, existing privacy legislation is not always effectively enforced.
As the New York Times recently reported, many schools nationwide are experimenting with apps and other software that customize teaching to a student’s individual progress and aptitude.
These apps are often offered to schools for free, so that the developers can get a foot in the school door. Teachers may adopt these apps, on a classroom-by-classroom basis, without any kind of review or approval by the school or district’s IT managers.
Through using educational software, some school districts have experienced data breaches and in a few cases student records were posted on the Internet.
To prevent such breaches, one Missouri school district requires that every app that a teacher wants to use must be checked by the district’s director of instructional technology to make sure that commercial products are not pushed on the students via the app and that the students’ details are not shared with third parties.
School districts that fail to take adequate precautions risk running afoul of federal law.
For example, the Family Educational Rights and Privacy Act requires school districts to maintain the confidentiality of student records.
The Children’s Online Privacy Protection Act allows schools to let online providers collect personal data from children. However, the Federal Trade Commission recommends that the decision about when to do so should not be made on a teacher-by-teacher basis.
Afterlife Social Media
At the other end of the privacy lifecycle, social media companies are working to come up with policies to deal with the accounts of members who die.
19 states have created laws to protect digital assets and give family members or other designated digital executors power to maintain and update social media for the deceased.
A list of these laws by state can be seen here.
For example, in Indiana executors may access a deceased person’s email accounts, social networking accounts, blogs, and text messages.
Facebook recently changed its policy to allow users to designate a “legacy contact” or have the account deleted after death.
If an account holder fails to take the necessary steps in advance, after death family members or other executors can seek a court order allowing them to take action with respect to social media and email accounts. However this process can be expensive, time-consuming, and not always successful.
If you have questions about privacy law issues, you may wish to consult an attorney in your area.