صور الصفحة
PDF
النشر الإلكتروني

1983]

COMPUTERS AND PRIVACY

5. Tax Reform Act of 1976

467

The Internal Revenue Service is exempted from statutes that deny access to an individual's personal records held by third parties. The Tax Reform Act of 1976,145 however, requires that a taxpayer be notified when records of his transactions are subpoened from a bank, credit reporting agency, or other party.

6. Right to Financial Privacy Act of 1978

The Right to Financial Privacy Act 147 was intended to restrict the federal government's access to financial records. In apparent response to United States v. Miller,148 Congress imposed a duty of confidentiality on financial institutions. 149 Financial institutions often serve as creditors and their records are likely to contain credit reporting agency reports.

The federal government may be permitted access to such records by securing the written consent of the individual. Other methods include obtaining: a subpoena, a court order, or a search warrant.150 Whenever the federal government seeks access to financial records, the individual must be notified.151 Governmental access may be challenged in every instance except those in which a search warrant was obtained. A civil remedy against the government or the financial institution is available. 152 A fine of $100 per violation, actual damages, court costs, and attorney's fees may be awarded. Punitive damages are available, if the violation was willful. 153

7. Fair Credit Billing Act

The Fair Credit Billing Act (Act)154 enhances the protection that an individual has from inaccuracies in credit data. Detailed provisions exist for correcting billing errors. 155 The Act establishes a procedure for an obligor to identify his or her account, register the alleged error, and state the reasons for believing that an error exists. 156 The creditor has thirty days in which to respond. 157 Upon receiving notice from the obligor that an error might exist, the creditor may not issue an adverse report concerning the obligor's credit. 158

145. Tax Reform Act of 1976, Pub. L. No. 94-455, 90 Stat. 1525 (codified in scattered sections of 26 U.S.C.).

146. 26 U.S.C. § 7609(a) (1976 & Supp. IV 1980).

147. 12 U.S.C. §§ 3401-3422 (1976 & Supp. IV 1980).

148. 425 U.S. 435 (1976). See supra note 91 and accompanying text.

149. H.R. REP. No. 1383, 95th Cong., 2d Sess. 7, reprinted in 1978 U.S. CODE CONG. & AD. NEWS 9273, 9305-06.

150. 12 U.S.C. §§ 3406-3409 (1976 & Supp. IV 1980).

151. Id. § 3405.

152. Id. § 3417.

153. Id.

154. 15 U.S.C. § 1666 (1976).

155. Id. § 1666(a).

156. Id.

157. Id.

468

DENVER LAW JOURNAL

8. Federal Reports Act

[Vol. 60:3

Section 3508 of the Federal Reports Act 159 restricts the exchange of information between federal agencies and imposes penalties for unauthorized disclosures. 160 When the agency seeks to acquire confidential information on an individual, its justification defense is limited by the Act. 161

C. State Legislation

Supreme Court policy has generally been to allow individual states to define privacy rights. In Katz v. United States, 162 the Court held that: "[P]rotection of a person's general right to privacy-his right to be let alone by other people-is, like the protection of his property and of his very life, left largely to the law of the individual States."163

At the state level, legal protection afforded privacy remains limited, inconsistent, and fragmented. Only ten states have provisions in their constitutions, which expressly protect privacy. 164 Seven of these states confer more limited recognition on the privacy right by closely associating it with the prohibition against unreasonable searches and seizures. 165 Florida, for example, extends protection "against the unreasonable interception of private communications by any means."166 The Illinois, Hawaii, Louisiana, and South Carolina privacy provisions are broader, protecting against "invasions of privacy.' "167 Washington and Arizona have narrower privacy provisions, which serve as the functional equivalent of the prohibition against illegal searches and seizures. 168

Privacy in the state context is also protected through judicial interpretation. Some state courts have imported a limited constitutional right of privacy into general provisions of their respective state constitutions. 169 Some of these states later inserted an express privacy provision into the appropriate section of their constitutions through legislation. 170 While the notion of privacy is a relatively new area for the United States Supreme Court, it is even newer to the states. With the exceptions of Arizona and Washington, the right of privacy has been included in state constitutions only since 1968.

[blocks in formation]

164. ALA. CONST. art. I, § 22; ARIZ. CONST. art. II, § 8; CAL. CONST. art. § 12; Fla. Const. art. I, § 12; HAWAII CONST. art. I, § 5; ILL. CONST. art. I, §§ 6, 12; LA. CONST. art. I, § 5; MONT. CONST. art. II, § 10; S.C. CONST. art. I, § 10; WASH. CONST. art. I, § 7. For an excellent discussion of state legislation in the privacy area and a full text of each state's statutes, see Cope, Toward a Right of Privacy as a Matter of Constitutional Law, 5 FLA. ST. U.L. REV. 631 (1977). 165. Id. at 636.

166. FLA. CONST. art. I, § 12. See Cope, supra note 164, at 637.

167. See Cope, supra note 164, at 637.

168. Id.

169. See Breese v. Smith, 501 P.2d 159 (Ala. 1972) (right to be let alone concerning hair length); Melvin v. Reid, 297 P. 91 (Cal. Dist. Ct. App. 1931) (invasion of privacy tort); Cason v. Baskin, 20 So. 2d 243 (Fla. 1944) (invasion of privacy tort).

170. Alaska, California, and Florida adopted privacy provisions subsequent to the dates of the court decisions discussed supra note 169.

1983]

COMPUTERS AND PRIVACY

469

State constitutional privacy provisions add another degree of protection against such devices as computer databanks.

The experience of the states suggests that the most effective means of protecting privacy is the adoption of a "package" of privacy measures in state constitutions. One commentator argues that three elements are essential in such a package. The first is the inclusion of a provision relating to the interception of communication. This provision is normally within the section on searches and seizures. The second is a freestanding right of privacy, following the models of Alaska, California, and Montana, that protects against governmental intrusions. Finally, appropriate language should be included to assure that the courts and legislatures have a mandate to fashion remedies against intrusions by the private sector. 171 A state's adoption of such a package would help protect an individual's privacy right across the spectrum of possible invasion, including those involving computer databanks. Most states, unfortunately, have not been very active in the privacy area. Colorado, for instance, has acted particularly slowly. Other than various restrictions on the dissemination of information concerning people who apply for welfare assistance, little Colorado privacy law exists. 172

IV. TRANSNATIONAL ASPECTS OF PRIVACY

A. Transborder Data Flows

The development of complex computer systems, with greatly enhanced data processing capabilities enabling vast quantities of data to be transmitted within seconds across national frontiers, has made it necessary to consider international privacy protection of personal data. Privacy protection laws have been, or will shortly be, introduced in approximately half of the Organization for Economic Cooperation and Development (OECD) countries to prevent violations of certain fundamental human rights. 173 The privacy rights having considerable bearing on international law include: unlawful storage of personal data, storage of inaccurate data, and abuse or unauthorized disclosure of such data. 174

While certain countries have enacted legislation aimed at protecting individual privacy, there is a danger that disparities in national legislation might hamper the international flow of appropriate and necessary personal - data. Such data flows have increased significantly in recent years and are bound to grow with the continued widespread use of computer and telecom

171. Cope, supra note 164, at 730-43.

172. See COLO. REV. STAT. § 26-1-114 (1982).

173. The OECD has 24 members: Australia, Austria, Belgium, Canada, Denmark, Finland, France, West Germany, Greece, Iceland, Ireland, Italy, Japan, Luxembourg, the Netherlands, New Zealand, Norway, Portugal, Spain, Sweden, Switzerland, Turkey, the United Kingdom, and the United States. Members who have introduced privacy protection laws are: Austria, Canada, Denmark, France, West Germany, Luxembourg, Norway, Sweden, and the United States. Belgium, Iceland, Netherlands, Spain, Switzerland, and United Kingdom have prepared draft bills. OECD, GUIDELINES ON THE PROTECTION OF Privacy and TranSBORDER FLOWS OF PERsonal Data (1981).

174. Id. at 5.

470

DENVER LAW JOURNAL

(Vol. 60:3 munication technology. 175 Overly restrictive or disparate legal constraints could lead to serious disruptions in sectors of the international economy such as banking and insurance. 176

A recent report by the United States House of Representatives Committee on Governmental Operations outlines the issues in the international regulation of transborder data flows. 177 The difficulty of the problems involved can be observed from that report which noted, inter alia, the following kinds of situations: 1) a diversified consumer products company rented a house which straddled the border of two European countries to maintain the option of having computer tapes in the venue most expedient to management purposes; 178 2) a German multinational corporation established a central personnel information system in Sweden for administration and planning. This system contained information concerning the family, nationality, and skills of its employees. Company officials were not permitted to export this information;179 3) a United States company complained that its whollyowned subsidiary in Germany is required by German banking law to process totally within that country. Thus, the computer hardware, software, and operations must be located in Germany, thereby, excluding the economies of on-line processing from its Chicago data center.'

These problems are due, in part, to individual nations passing disparate privacy protection laws to control what many argue is an inherently international commodity-information. 181 According to Professor Nanda: “[International] law has been rather slow in responding to the 'information revolution'-the development and application of technology in electronics and information processing, and application of technology in electronics, resulting in sophisticated computers, cable and two-way television, direct broadcast satellites, and the like."182 Nanda argues, however, that a rush to pass laws limiting transborder data could upset the "balance between the needs and interests of society for free flow of information and of the individual for adequate safeguards of personal data and protection of privacy.

Present legal norms primarily apply to issues that can be fixed to a definable geographic locus, where responsibility can be attached and jurisdiction can be established. Data transmission and storage do not follow formal geographic boundaries. Traditional legal approaches have, therefore, proven unsatisfactory to governments attempting to maintain control over personal computer databanks. A related problem is where responsibility lies

175. For a detailed discussion concerning transnational data flow regulation, see Patrick, Privacy Restrictions on Transnational Data Flows: A Comparison of the Council of Europe Draft Convention and OECD Guidelines, 21 JURIMETRICS J. 405 (1981).

176. Id.

177. HOUSE COMM. ON GOVERnment Operations, InternatIONAL INFORMATION FLOW: FORGING A NEW FRAMEWORK, H.R. REP. NO. 1535, 96th Cong., 2d Sess. (1980). 178. Id. at 24.

179. Id. at 18.

180. Id. at 17.

181. Patrick, supra note 175, at 406.

182. Nanda, The Communication Revolution and the Free Flow of Information in a Transnational Setting, 30 AM. J. COMP. L. 411 (1982).

183. Id. at 412.

1983]

COMPUTERS AND PRIVACY

471

with respect to internal data networks and commercial timesharing services that operate across national borders. Four possible parties to whom responsibility may be attached in a fairly simple data communication transaction are: the originator of the data message, the telecommunications carrier, the data processor, and the recipient of the data.

Two major legal issues surround transnational data flows. The first concerns the instruments that governments must develop in order to know what computerized data exists. The second involves the legal framework that can be developed to assure that agreements among various public and private parties can be enforced to enable the continuous, uninterrupted flow of data vital to economic prosperity and national security.

Data flowing across borders is affected by two jurisdictions. As the internal laws of countries differ, the legal assessment of the data and its uses may also differ. The thrust of legislative efforts has been to regulate personal information. Some law exists for regulating telecommunications and economic information, however, regulation of transborder data flows is almost nonexistent.

A fairly common area to consider with respect to potential regulation is data throughflow. This involves transportation of information across a country without the data being used in that country. For instance, in transmitting data from Germany to the United States, data might be transmitted telephonically to London and then by satellite or undersea cable to the United States. England is a passive way-station in the data flow between Germany and the United States. Some data processing, however, may occur in London. One example is the creation of a temporary file for more efficient transmission. The data are not used in England and typically do not include information on English subjects. Consequently, there will rarely be any English privacy problems associated with this data throughflow. There may be little reason to restrict such throughflow with national legislation. In contrast, if Sweden were the throughflow country, Swedish law places restrictions on the creation of a machine-readable file. 184 Although the file is temporary, Swedish legislation governs. 185 The file could not be established without prior issuance of a license by the Swedish government. 186

A second area to consider in developing sound regulations is the use of foreign service bureaus where processing of data for use in one country takes place outside that country. The privacy issue is not involved with the nature of the data processed, but rather with the effect of the relevant national privacy legislation that governs where the data are processed.

A third area is the nature and extent of data collected in one country to be marketed in another country. Examples include information relating to subscriptions to foreign periodicals and foreign credit reporting for credit cards and other forms of credit. As the economies of different countries become more interrelated, the sharing of personal information by credit reporting agencies becomes increasingly significant. Many countries, particularly

184. Data Act of Sweden, 5 COMPUTER L. SERV. app. 9-5.2a, No. 2 (July 1, 1979). 185. Id. § 2.

186. Id.

« السابقةمتابعة »