CYBER SECURITY FOR EDUCATIONAL LEADERS: A GUIDE TO UNDERSTANDING AND IMPLEMENTING TECHNOLOGY POLICIES

Chapter 10 Privacy Policy

© Routledge Richard Phillips and Rayton R. Sianjina

PRIVACY POLICY The Privacy Act of 1974 was created in response to concerns about

the use of computerized databases and the impact of individuals’ privacy rights.

The privacy policy is a legal document that discloses a customer’s or employee’s data, personal information, or professional identification.

All privacy policies are different.

The privacy policy protects all important and personal information related to an employee or customer.

The courts have stated that privacy rights do not extend to employees using company-owned computer systems, even in situations where employees have password-protected accounts.

© Routledge

PRIVACY POLICY

The Privacy Act of 1974 protects records that can be retrieved without permission such as a name, social security number, birth date, address, or other identifiable information.

The Privacy Act only protects and covers records in the possession and control of federal agencies.

The Privacy Act prohibits disclosure of these records without the written consent of the individual to whom the records pertain (U.S. Department of Health and Human Services, 2011).

© Routledge

PRIVACY POLICY

The U.S. Patriot Act has authority to monitor the communications and Internet activities of individuals, including emails and pictures.

The U.S. Patriot Act was enacted after the September 11, 2001 attack.

© Routledge

PRIVACY POLICY

The Privacy Act maintains privacy through creating procedural and substantive rights in personal information:

it requires government agencies to show an

individual any records kept on him/her it requires agencies to follow certain principles,

called "fair information practices," when gathering and handling personal data

it places restrictions on how agencies can share an individual's data with other people and agencies

and it lets individuals sue the government for violating its provisions (Center, 2010).

© Routledge

PRIVACY POLICY

The Privacy Act requires any agency or organization that is maintaining a system of records to give an individual access (Center, 2010).

Every individual has an opportunity to review, analyze, and make copies of their record.

If the individual insists that their record has an error and needs to be corrected the agency must respond to their request within ten business days (Center, 2010).

© Routledge

PRIVACY POLICY

Any agency that has records on an individual must also keep accurate accounts of when and to whom it has disclosed personal records.

Personal records include a: social security number, full name, address, and birth date.

(Electronic Privacy Information Center, 2010)

© Routledge

CONCLUSION

Privacy protection in electronic communications has several exemptions that limit the ability to provide protection in the workplace.

If an agency sharing information believes that the recipient agency is not abiding by all of the necessary regulations, it cannot disclose any records to the recipient agency (Center, 2010).

© Routledge