Data Protection And The Business Use Of Social Networks

ii. Table of Contents

i. Executive Summary

ii. Table of Contents

iii. List of Abbreviations

1. Introduction

2. Objective

3. Methodology

4. Main Part
4.1 Data Protection
4.2 Health Insurance Portability and Accountability Act
4.3 Fair and Accurate Credit Transaction Act
4.4 The Federal Trade Commission Act
4.5 Financial Services Modernization Act
4.6 Data Protection for transatlantic data flows

5. The Business Use of Social Networks
5.1 Social Networks
5.2 Social Networks and the Employment Relationship
5.3 Applicant Screening Laws
5.4 User Generated Content & Copyright
5.5 Trademarks

6. Conclusion

Bibliography
Online Journal
Press Release

i. Executive Summary

This assignment provides an overview of the complexity of data protection and the usage of social networks that US based companies have to deal with. The world wide web has brought many new opportunities for companies to globalise, expand and to make work processes paperless.

Looking at the findings conducted for data protection laws it is a big surprise that the US has not implemented a federal data protection act, even though data protection and privacy is seen as a human right for most economically strong countries including Canada and Europe. Thus, the US data protection acts are split into several industries and works in a ‘patchwork system’. This system made it more difficult for the US to trade with the European Union before both parties agreed on a EU-US Privacy Shield to protect European customer data. Secondly, this assignment identifies that Social Networks should not be included in the recruitment process of an employer but can be used as a platform for employees to discuss work processes or for the companies to promote its products and services. This is a legal procedure as long as the content posted is not illegal, obscene, incorrect, defamatory or invasive of privacy. The acceptance and openness for the US citizens to freely communicate online is a consequence of Americas ‘free speech’ philosophy. Additionally, a Business providing its own social network in form of a blog, content community or social media website is not held liable for the content that is being posted by users, however the service provider has to have a system in place to be able to delete illegal content.

iii. List of Abbreviations

Abbildung in dieser Leseprobe nicht enthalten

1. Introduction

The drastic increase in Technology, Web-Usage and Information has led to new rules and regulations including E-Commerce, Data Protection, and Social Networks. The US, being one of the most technologically advanced nations has not provided a national data protection policy. The US has split its policies and regulations into various sectors, ranging from Healthcare to Child Protection, whereas most countries in the EU and Canada have established a national privacy regulation or data protection policy. Consequently, the US was required to implement a data protection policy for all EU and Swiss citizens, one of America’s strongest trading partners, to allow online trading. Therefore, the US Department of Commerce in conjunction with the EU and the Federal Data Protection and Information Commissioner of Switzerland came to an agreement and established the ‘Safe Harbor Privacy Principles’. However, the drastic expansion of Facebook, which happened a few years after the agreement, has brought up new uncertainties about data privacy with increase in popularity of social media usage and the on-going development of IoT (Internet of things). The trade of data has increased significantly and the Safe Harbor Privacy Principle seemed to be out-dated. Consequently, the agreement has been changed to the Privacy Shield framework.

2. Objective

The objective of this assignment is firstly; to analyse and identify how well the ‘patchwork’ system of data protection works within the United States in comparison to strongly established national data protection policies in other countries. Secondly this assignment puts a focus on the (business) use of social networks within the United States. The core focus will be on the usage of social networks by employees, the effects of social networks on recruitment processes and the legal use of social networks as a communication tool for businesses according to US law.

3. Methodology

Research for this work was collected through secondary data and therefore processed by people other than the researcher. The U.S Codes are derived from online sources including journals, articles and assembly bills.

4. Main Part

4.1 Data Protection

Unlike many other technologically advanced nations, the United States do not offer a nationwide law regarding the collection and usage of personal data (Loeb, 2016). Whereas in Europe, Canada, and many other economically developed nations the protection of each individual’s data is treated as a human right, in the US data protection only applies in some forms.

Consequently, the US has a ‘patchwork’ system consisting of federal laws that potentially overlap in some aspects. The laws are split up into different categories according to industries rather than having one explicit federal data protection regulation. Nevertheless the federal & state authorities enforce the different regulations, providing individuals with a right for privacy (Sotto & Simpson, 2015).

On the other hand, the California state has come up with the ‘California Online Privacy Protection Act of 2003’ (under the Business and professions code section 22575-22579^[1] ), resulting in a privacy policy which websites must comply to if they collect personal information from California’s residents. Furthermore, the US has implemented the ‘Right to Know Act of 2013’ requiring business to ensure the privacy of customer’s personal information, provide the customer information of the collected information and to provide information to the customer regarding the company’s privacy policy^[2]. A breach of one of the regulations will not be handled as a criminal but civil policy. In regards to data protection and privacy of an employee, the laws are quite differently. According to the case of Smyth v. Pillsbury Co., 914 F. Supp. 97, 101 (E.D. Pa. 1996), an employee has no right for privacy while sending E-Mails over the company Email system. The employer has the right to scan these emails even after the employee has deleted them.

The most important legislations engaging in the data protection act are described in the subheadings below.

4.2 Health Insurance Portability and Accountability Act

The aim of the HIPAA regulation (42 U.S.C. §1301 et seq.) is to protect health data of American citizens and the HIPAA specifically defines who is allowed to access the health data or information. According to Ken Terry (2009), health care clearinghouses, employer sponsored health plans, health insurers, and medical service providers that engage in certain transactions are the only companies that have the right to access this information.

4.3 Fair and Accurate Credit Transaction Act

The FACTA is responsible for the security of credit information coming from credit and debit card receipts. This law was introduced in 2003 and can be found in the U.S. Government Printing Office (Public Law 108-159 108th Congress)^[3]. It is used to prevent identity theft, to improve the use and access of consumer credit information and to enhance the accuracy of consumer report information. This regulation can regularly be seen on individuals receipts (paid by credits/debit cards) when the company is only allowed to show the last 5 digits of the customers card number.

4.4 The Federal Trade Commission Act

The FTC Act (15 U.S.C. §§41-58) is a general legislation to protect consumers outside of the regulated industries. The general consumer protection act is in Section 5 of the FTC Act, and prohibits unfair practices affecting commerce. The FTCA uses different tools to protect consumers’ privacy and personal information in forms of the general privacy against spam and spyware, data security of consumer’s information, but also credit reporting for screening purposes (Federal Trade Commission, 2016).

The FTC Act is also the primary enforcer of the Children’s Online Privacy Protection Act (COPPA), which is located at 15 U.S.C. §§ 6501-6506. The COPP Act gives parents or guardians, of children under the age of 13, greater control over the information that is stored online by companies.

4.5 Financial Services Modernization Act

The FSM Act (Gramm-Leach-Bliley Act (GLB)) (15 U.S.C. §§6801-6827) has been implemented in 1999 to update the financial industry, allowing financial organisations to offer financial services like investments. Therefore these companies had to give notice to its customers about their use of customer information.

4.6 Data Protection for transatlantic data flows

In February 2016, the European Commission in conjunction with the US agreed on a framework for transatlantic data flows. This regulation protects all EU citizens whose personal data is transferred to the United States. According to the European Commission (2016) ‘it uses law enforcement, policy initiatives, and consumer and business education to protect consumers’ personal information and ensure that they have the confidence to take advantage of the many benefits of the ever-changing marketplace’. This new regulation, known as the EU-US Privacy Shield, fulfils all the requirements from the European Court of Justice and therefore marks the long-standing Safe Harbor framework as invalid according to a Press Release from the European Commission in February 2016^[4]. This was mainly due to the European Commission believing that the Privacy Shield could improve four main priorities: enhancing transparency; ensuring redress; strengthening enforcement; and limiting the access of U.S. authorities to data transferred under Safe Harbor (Weiss & Archick, 2016).

5. The Business Use of Social Networks

Since the start of Facebook in 2004, the usage of social media has increased exponentially. Employers have also become aware of the importance of social networks as a means of promoting their business but also for employment purposes. Since 2013, new state legislations have been sweeping up, restricting employers to demand access to their employee’s social media sites (in case these sites are not fully public).

5.1 Social Networks

Social Networks can be described in different forms and can have multiple purposes. The most common social media platforms can be classified into three different categories, which are blogs, content communities and social networks sites. Blogs are mostly private websites that are used to publicize or ‘blog’ diary entries or reviews about certain services or products. Content communities are websites like Youtube, which are used by Internet users to upload and share personal files, mostly in forms of videos, within the community to watch and comment. Lastly, social networks are the ‘common’ social media websites like Facebook or LinkedIn were users communicate and network with one another (Kaplan & Haenlein, 2010).

Additionally, Danah Boyd and Nicole Ellison (2007) categorised social media as “web based services that allow individuals to (1) construct a public or semi­public profile within a bounded system, (2) articulate a list of other users with whom they share a connection, and (3) view and transverse their list of connections and those made by others within the system”.

5.2 Social Networks and the Employment Relationship

Some employees find it difficult to define the difference of what communication channels can be used to deliberately communicate with employees about internal processes of a company. These new communication tools in forms of Twitter or Facebook can cause a negative brand image or reputation. Therefore, the legal obligations and rights of employers are continuously changing with the innovation of new media channels (Mooty, 2013).

[...]

^[1] leginfo.ca.gov. (2004). Business and Professions Code Section 22575-22579

^[2] leginfo.legislature.ca.gov. (2013). Assembly Bill No. 1291.

^[3] gpo.gov. (2003). U.S. Government Printing Office.

^[4] European Commission. (2016)