| |
Credit Reports |
Financial and Credit Card |
Medical |
Educational |
Video Rental |
Cable Viewing |
Telecom/Internet/
Email Content |
Internet Transactional |
Telecom Transactional |
Other Business Records |
| Notice of Collection and Purpose |
Generally no, except FCRA 606 |
Yes, GLB, 15 U.S.C. 6802(a), 6803 |
Yes, HIPAA regs, 45 C.F.R. 164.520 |
Yes, de facto |
Yes, de facto |
Yes, annually, 47 U.S.C. 551(a) |
Yes, 18 U.S.C. 2511, 2701 prohibit access without consent (with exceptions) |
No |
Yes, 47 U.S.C. 222 (CPNI) |
No |
| Collection Limit |
No |
No |
No |
No |
No |
Yes, may collect only to render services or detect piracy, 551(b) |
Yes, 18 U.S.C. 2511 (real-time), 2701 (stored) |
Third parties cannot collect, but service providers can, 18 U.S.C. 3121 (real-time) |
18 U.S.C. 3121 (real-time) |
No |
| Use and Disclosure Limit |
Yes, FCRA 604, 605, 606, and 613 |
Yes, opt out, GLB, 6802 |
Yes, in limited circumstances, HIPAA regs, 164.502-514, 522; FCRA 604(g) |
Yes with some exceptions, but audit trail must be kept, 1232g(b) |
Yes, 18 U.S.C. 2710(b) |
Yes, with some exceptions, 551(c) |
Yes, 18 U.S.C. 2511 (real-time), 2701-02 (stored) |
No - 18 U.S.C. 2702(c) - can disclose to anyone but government (stored) |
Yes, 47 U.S.C. 222 (stored/CPNI) |
No |
| Retention Limit |
Yes, for some types of information, FCRA 605 |
No |
No |
No |
Yes, PII must be destroyed as soon as practicable, 2710(e) |
Yes, data should be destroyed if no longer necessary for purpose collected, 551(e) |
Neither purge nor retention requirement |
No |
No |
No |
Data Quality/
Right to Correct |
Yes, FCRA 606, 607(b), 611, 613(a) |
No |
Yes, HIPAA regs provide right to amend, 164.526 |
Yes, students can inspect their records and request corrections, 1232g(a) |
No |
Yes, people can access and correct their records, 551(d) |
N/A |
No |
No |
No |
| Security |
No |
Yes, GLB, 6801(b) |
Yes, HIPAA 262 (42 U.S.C. 1173), HIPAA regs 164.530(c) |
No |
No |
No |
CALEA, Sec. 105 (47 U.S.C. 1004) |
No |
CALEA, Sec. 105 (47 U.S.C. 1004) |
No |
| Access (Can Individual See What Has Been Collected About Himself?) |
Yes, FCRA 609, 610, 612, 615 |
No |
Yes, HIPAA regs, 164.524 |
Yes, students can inspect their records, 1232g(a) |
Access is at discretion of video store, 2710(b)(2)(A) |
Yes, people can access and correct their records, 551(d) |
N/A |
No |
47 U.S.C. 222 (CPNI/Stored) |
No |
Accountability/
Enforcement |
Yes, FCRA 616-621 |
Yes, GLB, 6805 |
Yes, HIPAA regs provide for weak administrative enforcement 164.300-312, 164.530 |
Yes, administrative enforcement, 1232g(f), (g), penalty is loss of federal funding |
Yes,
civil action, 2710(c); suppression remedy, 2710(d) |
Yes, civil action, 551(f) |
Yes, 2511, 2515, 2520, 2521 (real-time) and 2707 (stored) |
Yes, 18 U.S.C. 3121 (real-time), 2707 (stored) |
Yes, 18 U.S.C. 3121 |
No |