CHAPTER 33

PROTECTING THE INNOCENT: THE INFORMATION SECURITY AND PRIVACY BATTLE

Lane Leskela

33.1 RECENT HISTORY OF PRIVACY REGULATIONS IN THE UNITED STATES

33.2 PERSONAL DATA PRIVACY PROTECTION IN EUROPE

33.3 CRITICAL ROLE OF ACCOUNTABILITY IN INFORMATION SECURITY

33.4 FOR FURTHER CONSIDERATION—INDIVIDUAL RECOGNITION TECHNOLOGY

REFERENCES

33.1 RECENT HISTORY OF PRIVACY REGULATIONS IN THE UNITED STATES

The May 2006 revelation that the U.S. National Security Agency had been searching a database of millions of telephone records and mining it for potentially threatening patterns is just one of the latest in a long series of conflicts between individual privacy and the increasing ability to manage mass quantities of data involving individuals. These conflicts will increase and challenge the ability to enforce civil rights in the United States and other countries even in the presence of more stringent legal protections.

In the regulatory domain, the Financial Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLBA), set a benchmark for the protection of consumers' personal information held by financial institutions in the United States. GLBA requires "appropriate standards for ... administrative, technical, and physical safeguards to insure the security and confidentiality of customer records and information; to protect against any anticipated threats or hazards to the security or integrity of such records; and to protect against unauthorized access to or use of such ...