I have, in reviewing other works that deal with online law, noted the limited utility of legal texts which address only, or primarily, the laws of the United States. As one would expect, this book, written by three Americans, and published by an outfit named American Lawyer Media, concentrates on American legislation. (In fact, I find it slightly ironic that a Canadian price is given on the jacket.) However, the analysis is so clearly written, and so rooted in Common Law and general legal principles, that I have very little compunction in recommending this work to anyone interested in the legal aspects of privacy, regardless of jurisdiction.

The introduction states that this work is intended for both the legal professional and the lay audience. Indeed, there is an attempt to point out the business case for attending to privacy. It is noted that Doubleclick's plan to merge the surfing information that it had been collecting with a database of personally identifiable information that it had purchased resulted in a 40% drop in stock price before the plan was abandoned. In addition, there is a serious effort to emphasize the importance of international law, although not all sections of the book addressing the issue are successful.

Chapter one demonstrates that definitions of privacy are problematic. Refreshingly, an understanding of technology itself is considered to be important. Unfortunately, this position is somewhat undermined by a bit of confusion in regard to the possibility of obtaining personally identifiable information from the "clickstream" (activities while surfing the Web), and a minor error when discussing IP addresses. The aforementioned business reasons for respecting privacy are primarily given in chapter two. The development of privacy regulation, in chapter three, is predominately based on US laws and cases, but, as noted, is also conceptual and therefore broadly applicable.

Chapters four to nine deal with specific US legislation. Chapter four details the Children's Online Privacy Protection Act; five outlines the Gramm-Leach-Bliley bill (for financial institutions), the Health Insurance Portability and Accountability Act, Computer Fraud and Abuse, and Electronic Communications Privacy; six looks at state level versus federal jurisdiction; seven reviews case law (concentrating on email interception); eight discusses decisions in some class action civil suits; and nine examines Federal Trade Commission studies and decisions.

The European Union directives are dealt with in depth in chapter ten. The US Safe Harbor program is reviewed in terms of principles, but, unfortunately, details and procedures are not covered. Chapter eleven provides brief but broad outlines of various international regulations. Corporate privacy policies are discussed in chapter twelve. Chapter thirteen has a brief overview of a number of privacy enhancing technologies, but no mention of legal issues that might be involved. Government monitoring, the keyboard logging system (KLS, aka Magic Lantern), Carnivore, and the Patriot Act are examined in chapter fourteen.

This book is concise, readable, and valuable. There are some areas where one could hope for additional coverage and detail, but the concepts and basics are covered well. I would recommend this work to anyone interested in privacy issues, and particularly to those in the security industry who do not have an extensive legal background.

copyright Robert M. Slade, 2003 BKINONPR.RVW 20030321