ACRP LRD 42

ing federal government or industry standards for data sanitization and disposal.689 Airports may consider language to require the disposal of data at the end of a contract. Contractual language may require the vendor to destroy the data in a manner that prevents reconstruction, reverse engineering, or the fallout from a future potential data breach. An airport may choose to require written confirmation that data was destroyed and may require the process to occur within a specified period.

9. Data Breach

Contractual language regarding data breaches will need a specific analysis for each technology deployment. Breaches will require various mitigation actions based on the data compromised and potential resulting harm. For example, PCI DSS breaches can result in financial harm to individuals, banks, and merchants, whereas breaches of a pedestrian pathway analytics system may harm an individual's privacy and cause security vulnerabilities if nefarious actors have the information. Therefore, contractual language should trigger mitigation responses to include notification and system deactivation procedures. Additionally, contractual language should trigger added security requirements and audits after breaches occur before data collection resumes.

XIV. RESOURCE GUIDE

Assessing legal issues concerning collection and use is a complex process involving differing requirements across jurisdictions. This resource guide is designed to assist in finding jurisdictionally relevant legal authority. It also offers resources for accessing relevant federal and international legal authorities. This section also includes references to technical support materials as well as links to sample airport privacy policies. Unless otherwise noted, these sources are without cost to the user; however, some may require a login process to access the relevant material.

A. Resources Identifying State Laws on Data

• The website for the National Conference of State Legislatures, https://www.ncsl.org/, is generally a useful site for information on state laws on a range of subjects. While the information may need to be refreshed, the free website is a good starting place for a survey of state law. The following resources on the site are useful:
  o National Conference of State Legislatures, Privacy Protections in State Constitutions, available at https://www.ncsl.org/research/telecommunications-and-information-technology/privacy-protections-in-state-constitutions.aspx
  o National Conference of State Legislatures, Data Security Laws / State Government, available at https://www.ncsl.org/research/telecommunications-and-information-technology/data-security-laws-state-government.aspx
  o National Conference of State Legislatures, Data Security Laws / Private Sector, available at https://www.ncsl.org/research/telecommunications-and-information-technology/data-security-laws.aspx
  o National Conference of State Legislatures, Data Disposal Laws, available at https://www.ncsl.org/research/telecommunications-and-information-technology/data-disposal-laws.aspx
  o National Conference of State Legislatures, Security Breach Laws, available at https://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx
• National Consumer Law Center, Consumer Protection in the States: A 50 State Evaluation of Unfair and Deceptive Practice Laws (March 2018), available at https://www.nclc.org/issues/how-well-do-states-protect-consumers.html. A comprehensive presentation of state consumer protection laws.

B. Resources Identifying State Laws on Records Retention and Freedom of Information

• National Association of Counties, "Open Records Laws: A State by State Approach" (December 2010), available at https://www.governmentecmsolutions.com/files/124482256.pdf. This compendium of laws offers an excellent comparative chart of key provisions of open records laws. However, the results need to be refreshed.
• The Reporters Committee for Freedom of the Press, Open Government Guide (2019), https://www.rcfp.org/open-government-guide/. This compendium is prepared by volunteer attorneys in states across the country and was designed as a tool to assist journalists in obtaining access. It contains both statutory citations and case law.
• Brechner Center for Freedom of Information, University of Florida, Record Retention Schedules by State, https://brechner.org/records-retention-schedules-by-state/. This website provides links to sources by state outlining state record retention requirements.

C. Resources on Federal Law for Consumer Protection

The FTC maintains a wealth of resources addressing the issue of privacy and data collection, though these are principally focused on the consumer protection laws and regulations they enforce. Accessed through the FTC website, these materials include:

• A searchable compilation of all FTC actions including unfair and deceptive practice enforcement actions related to privacy and data security:
  o FTC, Cases and Proceedings, available at https://www.ftc.gov/enforcement/cases-proceedings
• A business center (FTC Business Center, available at https://www.ftc.gov/tips-advice/business-center) with:
  o A subsection devoted to Privacy and Security, https://www.ftc.gov/tips-advice/business-center/privacy-and-security, further divided by topics including Consumer Privacy, https://www.ftc.gov/tips-advice/business-center/privacy-and-security/consumer-privacy, and Data Security, https://www.ftc.gov/tips-advice/business-center/privacy-and-security/data-security. Each of these subtopic sections is linked to resources including FTC case summaries and reports.
  o A business blog, https://www.ftc.gov/news-events/blogs/business-blog, with discussion of a range of consumer protection topics including privacy and data security.
• Annual privacy and data security update reports (listed at FTC, Commission and Staff Reports, available at https://www.ftc.gov/policy/reports/policy-reports/commission-and-staff-reports?title=privacy&items_per_page=20). Each report identifies the range of FTC enforcement activity, policy and advocacy work and special reports during the reporting period. The reports include summaries of major FTC enforcement actions.
• Publications on a range of data protection issues:
  o FTC, Data Breach Response: A Guide for Business (May 2019), available at https://www.bulkorder.ftc.gov/publications/data-breach-response-guide-business;
  o FTC, Protecting Personal Information: A Guide for Business (October 2016), available at https://www.bulkorder.ftc.gov/publications/protecting-personal-information-guide-business;
  o FTC, Start with Security: A Guide for Business (June 2015), available at https://www.bulkorder.ftc.gov/publications/start-security-guide-business;
  o FTC, Protecting Consumer Privacy in an Era of Rapid Change (March 2012), available at https://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf; and
  o FTC, Facing Facts: Best Practices for Common Use of Facial Recognition Technologies (2012), available at https://www.ftc.gov/sites/default/files/documents/reports/facing-facts-best-practices-common-uses-facial-recognition-technologies/121022facialtechrpt.pdf.

D. Resources on International Law

• Graham Greenleaf, Global Data Privacy Laws 2019: 132 National Laws & Many Bills (February 8, 2019), available at https://ssrn.com/abstract=3381593. This source provides a compendium of international statutes on data privacy.
• Graham Greenleaf, Global Tables of Data Privacy Laws and Bills (6th Ed January 2019) (February 9, 2019), available at https://ssrn.com/abstract=3380794. This source complements the international law summary, providing critical information regarding each country's data privacy laws.
• DLA Piper, Data Protection Around the World, available at https://www.dlapiperdataprotection.com/. The DLA Piper law firm maintains a website with links to data privacy statutes in countries across the globe.
• EUR-Lex: EU Law, available at https://eur-lex.europa.eu/homepage.html. This website allows access to a wide range of EU legal documents including legal acts and case law.
• Regulation (EU) 2016/679 (General Data Protection Regulation), available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC. This site is the official website of the EU and offers access to regulations and directives as well as European Commission advisory information on those enactments. This link is to the text of the GDPR.
• Guidelines 3/2018 on the Territorial Scope of the GDPR (Article 3), Version 2.1, available at https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-32018-territorial-scope-gdpr-article-3-version_en. This citation is a link to EU guidance on the territorial/jurisdictional reach of the GDPR.
• Privacy Shield Framework, available at https://www.privacyshield.gov/servlet/servlet.FileDownload?file=015t00000004qAg. This website offers information on Privacy Shield and allows for an examination of the framework requirements.
• APEC Privacy Framework (Singapore 2005), available at https://www.apec.org/Publications/2005/12/APEC-Privacy-Framework. This website offers information on the APEC Privacy Framework and allows for an examination of the framework requirements.

E. Resources on Technical Issues Relative to Privacy and Data Protection

• National Institute of Standards and Technology, NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0 (January 16, 2020), available at https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf. This report provides a comprehensive program for analyzing and implementing privacy protections.

689 Guidelines for Media Sanitization, Nat'l Inst. of Standards & Tech. (Dec. 2018), https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final.