The Privacy Lawyer: Patriotism, Compliance, And Confidentiality

Is it unpatriotic to demand a court order before turning over information under the Patriot Act, <B>Parry Aftab</B> asks?

InformationWeek Staff, Contributor

October 16, 2003

3 Min Read
InformationWeek logo in a gray background | InformationWeek

What can you do about it?
If a law-enforcement agent arrives asking for your voluntary cooperation in turning over personally identifiable information in your possession, as much as you may want to help, you need to be sure you aren't risking legal liability for doing so. Let them know right away that you may not be able to comply voluntarily, even if you would have liked to. Obtaining a court order isn't very difficult under new, lower thresholds and one can usually be obtained in a few hours. You can use the time during which the order is being obtained to gather the information together and see if any non-disclosure agreements of privacy policies are affected by the turnover. But the best time to check and see which privacy laws, agreements, and policies apply to your company is long before the federal agent knocks. It should begin long before your company is even a twinkle in a federal agency's eye.

Privacy regulation is tricky, and your in-house or outside counsel may need to consult with an experienced privacy lawyer to spot issues early on. Conducting a privacy audit also is a good idea. Many privacy counsel and consulting companies can do a thorough preventive audit and advise you in advance of the risks you face and how to better manage those risks. The cost of these audits is more than made up by reduced legal exposure. If the laws that apply to your company require a court order before personally identifiable information can be disclosed, you need to know that as early as possible. If the laws that apply to your company permit disclosure pursuant to legal process, you need to know that, too. Then make sure you have a procedure if anyone comes looking for personally identifiable information. This isn't something that should be left to your risk manager or security director to handle. It should be bumped up to legal counsel right away. And the lawyers should be expected to advise the company's decision-makers on the spot. That requires substantial preparation and planning.

Forewarned is forearmed when it comes to privacy compliance, especially when law-enforcement agents are involved.

Parry Aftab is a security, privacy, and cyberspace lawyer, as well as an author and child advocate. She advises some of the leading corporations in the world on privacy and online security matters, including cybercrime, abuse prevention, and risk management. A substantial portion of her time is devoted to Internet issues involving children, from equitable access to privacy, safety, and helping develop quality and reliable content for children. She also donates her time to running the world’s largest online safety and help group, WiredSafety.org, which is comprised of thousands of volunteers from around the world.

To discuss this column with other readers, please visit the Talk Shop.

To find out more about Parry Aftab, please visit her page on the Listening Post.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights