"PRIVACY ON THE INTERNET"
with Professor Andreas Teuber
Alumni College: June 16, 2000
Do We Have A Constitutional Right of Privacy? from Philosophy of Law (PHIL 22B -Teuber) --
In Griswold v. ConnecticutJustice Douglas, arguing for the majority, found that the Connecticut law violated
the general right to privacy recognized by the Constitution as a right of all citizens.
Justice Douglas was aware that "privacy" was not mentioned anywhere in the
Constitution; nonetheless he found a "right to privacy" embedded in the
"penumbras," in the shadows and implications of several amendments to the
Constitution. Griswold, the director of the Planned Parenthood League of Connecticut,
was arrested in 1961 for violating a state law forbidding the
distribution of contraceptive devices and information. The Planned
Parenthood League provided contraceptives and information to married
couples. The law forbid the distribution of contraceptives and
information to any person, whether he or she was under-age, over-age,
married or unmarried. Griswold argued that the law violated the
Constitution and the Supreme Court agreed."
Major "Privacy" Cases:
- Planned Parenthood v. Casey, 505 U.S. 833
Roe v. Wade, 410 U.S. 113
- Bowers v. Hardwick, 478 U.S. 186
- Loving v. Virginia, 388
- Skinner v. Oklahoma ex rel Williamson, 316
- Prince v. Massachusetts, 321
- Pierce v. Society of Sisters, 268
- Griswold v. Connecticut, 381
- Eisenstadt v. Baird, 405
U.S. 438, 453
- Webster v. Reproductive Health Services, 492
"The Eroded Self," by Jeffrey Rosen, New York Times Sunday Magazine April 30, 2000 --
In cyberspace, there is no real wall between public and private and the version
of you constructed out there - from bits and pieces of stray data - is probably
not who you think you are.
"Cyberprivacy catches eye of Congress," The Boston Globe, June 19, 2000 --
After years of piecemeal proposals to safeguard personal
information on the Internet, Congress is beginning to seriously address the
concept of ''online privacy.'' It is considering an array of legislation that could
dramatically increase the rights of consumers who release personal details into
Table of Contents:
(1) Who's Watching and Why?
Privacy and Identity
(2) Who's Watching the Watchers?
(3) It's a world-Wide Web:
(4) E-mail Tapping, Digital Signatures, and Encryption:
Protection for Your Electronic Communications
(5) Cookies and Clickstreams:
Madison Avenue is Watching You
(6) Free Speech, Journalism, and Filtering:
When one person's privacy is another person's speech.
(7) Workplace Privacy:
In the Workplace, Everybody Knows If You're a Dog
(8) Medical Records
(9) Current Federal Legislation
Proposed Federal Legislation
(11) Case Law
(12) Privacy in Cyberspace Reference Library
Special thanks to Professor Arthur Miller of Harvard Law School
1. Who's Watching and Why?: Privacy and Identity
To begin our discussion, It makes sense to try to answer several fundamental questions first: What is privacy? Where does it stand in the firmament of human values? Who wants to violate it, and what might their reasons be? What does "cyberspace" do to privacy that "meatspace" does not?
Privacy is an intensely, perhaps uniquely, personal value. The word stems from a Latin root, "privare," which meant "to separate." To want privacy is to want to be separate, to be individual. Another meaning of the Latin was "to deprive"; privacy also means leaving something behind.
We would encourage participants to think about the readings in the context of your own lives and value systems. Who are you in private, and who are you in public? To what degree did privacy allow you to become who you are now? And what did you leave behind to become that person?
Once you have thought about what privacy does, for you and for other individuals, we'll discuss what the Internet can do with privacy.
Back to top
2. Who's Watching the Watchers?: Privacy Standards
We began by considering the nature of privacy itself and discussing some of the privacy concerns raised by the availability of information on the Internet.
Next we will look at how industry groups are addressing these concerns by developing both privacy policies and technological solutions. Consider whether these standards might make it easier for users to protect themselves without having to investigate the privacy policies and technical specifications of every individual web site they visit. Or are standards, like individual privacy policies and techniques, useless if they are not backed up by clear legal enforcement?
Back to top
3. It's a World-Wide Web: Cross-Border Issues
Having explored the nature of privacy, information, and identity and having looked at some responses to the privacy concerns raised by cyberspace. to understand the degree to which these responses may be implemented, and by whom, we need a clearer understanding of who has the power to control cyberspace, and by what mechanisms. To this end, we shall now focus on questions of sovereignty.
Consider for a moment the governmental structures with which you are already familiar. Government in real space is geographically bounded. Territories traditionally have defined the scope of government's legislative authority; and where governments have attempted to reach beyond territories, it has only been when behavior outside territories has affected life within the government's domain.
As mobility has increased, this model for sovereignty has been put under great strain. When people live in one area, yet work in
another, and then send their kids to school in a third, a system of democratic government that restricts their influence to the first
increasingly makes less and less sense. This has lead some scholars to question, even in real space, the exclusive reliance on
geography as a basis for legislative jurisdiction, or citizenship participation.
In cyberspace, the problem is only worse. One's behavior while in cyberspace can affect many in many other jurisdictions. And while one is always also in real space while one is in cyberspace, the behavior in cyberspace is increasingly behavior that is not really regulated properly by any individual sovereign, or set of sovereigns. There is emerging in cyberspace an existence that is outside of the life of any particular real world sovereign.
The question before us now is, in short, what real world sovereigns can do to govern this emerging independent existence in cyberspace. There are at least two distinct concerns which are important to consider separately.
1. Law. What are the constraints, either political or legal, on a state's or nation's ability to govern activity on the Internet which it sees as affecting life within its real space borders? What are the legal tools available to a sovereign to control the conduct of its citizens on the Internet and of those individuals outside its borders whose conduct has effects within the sovereign's borders? It may be useful for you to take a look at this short primer on jurisdiction to give you some feel for the background issues. When you feel comfortable with these jurisidictional considerations, have a look at Compuserve, Inc. v. Patterson, a federal appellate case which examines one state's claim of jurisdiction over a matter conducted entirely in cyberspace.
2. Architecture. Some of the readings below focus less on what those in charge of regulating some aspect of the internet may do than on how they may go about doing it. The Internet comprises a wide variety of technologies, which may collectively be called the architecture of cyberspace. Most of these technologies may be used and tweaked in ways which constrain or encourage particular behavior patterns. Discovering what architectures are available and how they may be used are important parts of coming to understand what real world sovereigns can do to govern this emerging independent existence in cyberspace.
Sharon Eisner Gillett and Mitchell Kapor, The Self-governing Internet: Coordination by Design
Douglas Jehl, Islamic World Opens Door to the Internet, but Restrictions Are Many
John Perry Barlow, A Cyberspace Independence Declaration
David G. Post, Anarchy, State, and the Internet: An Essay on Law-Making in Cyberspace
David R. Johnson and David G. Post, Law and Borders - The Rise of Law in Cyberspace
Juliet M. Oberding and Terje Norderhaug, A Separate Jurisdiction for Cyberspace
Jack Goldsmith, Against Cyberanarchy
Paulina Borsook, How Anarchy Works: On location with the masters of the metaverse, the Internet Engineering Task Force.
Back to top
4. Email Tapping, Digital Signatures, and Encryption: Protection for Your Electronic Communications
For most of us, e-mail has quickly become a part of our daily interaction with the world. And yet, in the course of our normal routine, we rarely give thought to the security of these transactions. When we call someone or send a postal letter, we are secure in our expectations of privacy. Yet, most people do not stop to consider whether their electronic communications are afforded the same level of protection. Do we have an expectation of privacy in our electronic communications? If so, is that expectation unfounded?
The law protects us to an extent, making it a federal offense to intercept or disclose the contents of electronic communications, either in the course of transmission or while in storage on a remote computer system. However, a number of uncertainties in the federal statute, widely known as the Electronic Communications Privacy Act, have not yet been hammered out by the courts. Who will be deemed to be a electronic service provider? Under what conditions may a service provider tap into your electronic communications? Under what terms will you be considered to have consented to the interception of your email?
Technological protections, such as encryption technology, are available, but they are also restrained by the law. As encryption technology grows stronger, the government grows more concerned about their inability to "tap" such communications and the ability of organized crime rings, drug traffickers and terrorist organizations to communicate undetected over the borderless realm of cyberspace. To this end, the U.S. government has placed a number of export controls on strong encryption technologies. The SAFE Act, in its latest form, which recently passed the House of Representatives, has several major provisions which enhance consumer privacy and reduce export controls.
The SAFE Act seems to address some of the major issues in email tapping as well as encryption, by setting a minimum to the standard required by law enforcement in order to invade privacy, and limiting their technical ability to do so. However, the harm it would do to law enforcement is unclear. It would be extremely difficult to accurately determine empirically how often encryption interferes with law enforcement since law enforcement may not be aware of many of those occurrences.
What do you think US policy on exporting encryption programs should be? What about law enforcement and private access "keys" and encrypted emails? What standard of cause or suspicion should be necessary to infringe on privacy interests? Should we be more worried about a potential terrorist's communication going undetected in cyberspace or about the security of our own online transactions? If people shouldn't have a reasonable expectation of privacy in their email, should they be afforded this expectation when they employ encryption technology to safeguard their messages?
As you go through the links below, think about these questions and what your model policies would be notwithstanding the current law.
Back to top
5. Cookies and Clickstreams: Madison Ave. is Watching You
When you browse the Web, your browser communicates with web sites through
the HyperText Transfer Protocol (HTTP) to get the web pages you request.
One of the distinguishing features of HTTP (as opposed to File
Transfer Protocol and Telnet)
is its instantaneous nature. There is no real connection between
a web server and browser during an HTTP session. The browser makes
a request, the server fills it and moves on to its next request.
When your browser makes another request, it does so as if it had never
made the first. This is a good thing because it reduces server load
(the server does not need to keep a connection open with your computer
while you browse a page) but it is a bad thing because your browser must
make a new connection for every request and the server treats every request
as unrelated to any other. So-called "stateless" protocols are a
problem for features like shopping carts or password saving because such
features require some memory of what happened in previous requests from
the same browser. Tracking a user by transactional information, cookies
and the proposed Open Profiling Standard (OPS) are ways in which web servers
are attempting to introduce "state" into HTTP.
Tracking Transactional Information
To download this file, your browser sent a request to the Berkman Center
server asking for the text of the page along with its accompanying images
and scripts. The page requested, and the IP address to send it to,
must have been sent to our server. Depending on which browser you
use, however, other information, such as the name and version of the browser
and the page that referred you to this one, might also be supplied.
Our webserver stores all the information your browser provides and, with
that information, a good web sleuth could determine much more about you,
such as how long you stayed at the site, what links you followed and ignored
on our site, where you are, what company you work for (or which Internet
Service Provider you use) and what type of computer you are using.
We collect that information to help us in tailoring our web pages for
our users and to allow you to continue checking discussion groups without
having to re-enter your username and password. However, as the Center
for Democracy and Technology warns:
When [transactional information is] correlated with other sources
of personal information, including marketing databases, phone books, voter
registration lists, etc, a detailed profile of your online activities can
be created without your knowledge or consent. (CDT
Privacy Demonstration Page, Center for Democracy and Technology
According to Netscape,
the first to implement cookie technology:
Cookies are a general mechanism which server side connections (such
as CGI scripts) can use to both store and retrieve information on the client
side of the connection. The addition of a simple, persistent, client-side
state significantly extends the capabilities of Web-based client/server
CLIENT STATE HTTP COOKIES, Netscape
In English, c|net explains,
Cookies are small data files written to your hard drive by some
Web sites when you view them in your browser. These data files contain
information the site can use to track such things as passwords, lists of
pages you've visited, and the date when you last looked at a certain page.
Glossary: Cookie, C|NET
browsers support cookie technology which allows any web server to write
directly to a cookie file on your hard drive and read the cookies they
set. Though cookies were first used for site personalization, shopping
baskets, and saving userids and passwords, they are now also used for targeted
marketing and tracking across sites (see Cookie
Central and Cookies
Revisited by HotWired's Marc Slayton for more information).
advertising company, sets cookies for targeted advertising and tracking
across sites through its banner ads on a wide variety of sites. Chances
are better than even that you have a DoubleClick
cookie in your cookie file. The company's $400
market value is another indication that they are successful.
See also: The
Cookie Central Unofficial Cookie FAQ and Junkbusters.
Back to top
6. Free Speech, Journalism, and Filtering: --When one person's privacy is another person's speech.
This week we will address the intersection of free speech and privacy on the Internet. There are a number of ways that the freedom of speech as guaranteed by the First Amendment to the U.S. Constitution implicates the privacy rights of the person speaking and of other people.
For simplicity¹s sake, the readings below are divided into 3 areas:
a.) False information available about individuals‹i.e. libel and defamation;
b.) The availability of true, but private information about individuals, as illustrated by the Nuremberg files case;
c.) Giving out private information to access protected speech in the case of library filtering.
As you browse the links below, consider what private information you have about the people you interact with on the 'net and what information they have about you. How might that information be used in any of the contexts comtemplated by the readings?
Libel on the Internet--Should Service Providers Be
Zeran v. America Online, 129 F.3d 427 (4th Cir. 1997)
CNN, 4/23/1998, "AOL Dismissed as defendant in Clinton aide's suit"
Communications Decency Act Section 230
Mike Goodwin for Internet World Magazine, June 199, "Libel, Public Figures and the Net"
Mike Hadley, Libel in Cyberspace
Michael Holland, "Libel on the Internet:An International Problem"
Availability Of Personal Information on the World Wide Web--"The Nuremberg Files" Case Study
Shari Steele, EFF, 6/6/1995, "EFF Summary of Stratton-Oakmont & Porush v. Prodigy: Prodigy Potentially Liable for User Postings"
Karin Spaink's Nuremberg Files Homepage
Cathy Ramey, "Coorespondence from the Courtroom" [sic]
Courtney Macavinta, C|Net News, 3/12/1999, "Anti-abortion sites vs. free speech"
Public Prerogatives‹protecting children or invading privacy?
Eastern District of Virginia, Nov. 1998, Mainstream Loudoun v. Board of Trustees of the Loudoun County Library
ACLU Press Release,11/23/1998, "Virginia Court Says Internet Blocking for Adult Library Users is Unconstitutional"
Courtney Macavinta, C|Net News, 2/6/1998, "ACLU takes filtering to court"
ACLU Cyberliberties Page
Back to top
7. Workplace Privacy: In the Workplace, Everybody Knows If You're a Dog
This week we look at a very old problem with which most people are familiarworkplace monitoring. Unlike the previous weeks, the question here is not if a person should have privacy, but how much employers can invade the privacy of their employees.
Privacy in Cyberspace: Is Your E-mail Safe from the Boss, the SysOp, the Hackers, and the Cops? (1996)
Privacy in Cyberspace: Is Your E-mail Safe from the Boss, the SysOp, the Hackers, and the Cops? (1996)
ACLU, The Rights of Employees (1996)
ACLU, Surveillance, Incorporated: American Workers Forfeit Privacy for a Paycheck (1996)
Mark S. Dichter & Michael S. Burkhardt, ³Electronic Interaction in the Workplace: Monitoring, Retrieving and Storing Employee Communications in the Internet Age,² The American Employment Law Council Fourth Annual Conference, Oct. 1996
U.S. Congress, Office of Technology Assessment, The Electronic Supervisor: New Technology, New Tensions (1987)
Back to top
8. Medical Records
Benefits of Increased Data Collection
Borzo, "Automation trends in medicine," AMNews staff. American Medical
News, October 13, 1997
This article discusses a new project at the University of California
San Diego School of Medicine called the Patient Centered Access to Secure
Systems Online (PCASSO). PCASSO will put patients' full medical records
on the Internet, permitting physicians and health-care providers to view
them from anywhere with Internet access. Borzo reports that such a system
will help patients become "providers" of their own care, since they can
ask doctors to define and clarify things in their records. Borzo talks
briefly about the security measures the system will employ to prevent unauthorized
users from gaining the patients' medical information.
Industry Report: Document Imaging, Workflow, and Electronic Patient Records
This site provides three insightful articles relating to managing computerized
patient records. In his article, "What Healthcare REALLY Needs to Know
About Managing Electronic Documents," Bob Smallwood details the benefits
health care providers derive from using Electronic Paper Records (EPR).
He argues that they, "...reduce labor, eliminate lost files and loose sheets,
improve access to authorized users, increase security (with a 100% audit
trail), and provide quicker documentation for claims." Debbie Madison argues
in her article, "Breaking Away from Paper," that "With the click of a button,
the physician can access each chart to be reviewed and completed. Physicians
can also edit transcribed documents online in real time rather than sending
them back to the transcriptionists...The hospital estimates that emergency
department physicians are completing charts in 1/15 of the time it previously
took with paper..." And, finally, in their article, "The Journey to the
Electronic Health Record," Mary Lu Lander and Angela Daniel give further
explanation of the way electronic health records work and their benefits.
This is the site to a health care environment entitled TelMed, created
by the Los Alamos National Laboratory in collaboration with the National
Jewish Center for Immunology and Respiratory Medicine. TelMed "is an intuitive
patient-record system that supports image, audio, and graphical data, ...
integrates complete patient records with detailed radiographic data, and
allows the remote sharing of patient and radiological data over networks...TeleMed
improves clinical diagnosis and reduces the cost of health care by eliminating
the time-consuming and costly activity of data gathering and by enabling
easy use of powerful analysis tools."
This site advertises a LaserCard System, which stores a patient's medical
information electronically on a card that the patient carries with him
or her. The site claims that the optical memory card can "transport secure,
partial or complete electronic patient records, helping to expedite care,
reduce costs, and perhaps save lives."
The Dystopic Alternative
The 1997 movie "Gattaca," written and directed by Andrew Niccol, was an flashy flop that nevertheless prompted viewers to consider the society that we might end up with if medical databases were combined with a little biological determinism. Andrew Niccol spoke at the Computers, Freedom, and Privacy in Washington, D.C. this year.
Back to top
9. Current Federal Legislation
The following two acts provide some limited protection for medical information
Privacy Act of 1974. This act generally provides that no federal
agency may disclose information without the consent of the individual.
with Disabilities Act. This act provides that: employers may
not ask for medical information prior to offering employment; once hired,
the employer may not require any medical examination that is not required
of all employees holding similar positions; if a potential employee is
not hired, the employer must prove that it is physically impossible for
the individual to do the work required. This act applies to businesses
with more than 25 employees.
In 1996, the Kennedy-Kassebaum Health
Insurance Portability and Accountability Act of 1996 was enacted. Under
one of its provisions to simplify the administration of health insurance,
the Act calls for the Secretary of Health and Human Services (HHS) to develop
standards for the exchange of electronic health information and for the
creation of unique health identifiers for individuals, employers, and health
Within this same bill, Congress called for the development of recommendations
to protect the privacy and confidentiality of Americans' health records.
The recommendations, presented to Congress by HHS Secretary Donna Shalala,
propose to "provide important new rights for patients and define responsibilities
and limitations for those who need to have access to these medical records."
Shalala's recommendations include: a nationwide standard; leave for the
states to enact stronger standards if they wish; granting patients access
to their own medical records and the ability to make corrections; ensuring
that those who provide and pay for health care give patients clear written
explanations of how they intend to use, keep and disclose the information;
and providing punishment for those who misuse personal health information.
The recommendations provide for an exception to privacy requirements
for law enforcement officials acting in their official capacities. If Congress
does not pass legislation with regard to privacy, the Health Insurance
Portability and Accountability Act of 1996 calls for the Secretary of the
Health and Human Services to impose confidentiality controls on electronic
The ACLU has voiced concerns with the HHS recommendations. The organization
claims the proposal: fails to allow individuals to insist on paper records;
fails to protect records from being up-linked to national databases; and
fails to prohibit the creation of a system of "unique health identifiers"
(a de facto national health I.D., much like one's Social Security Number)
that would be attached to every piece of medical information. The organization
also claims the law enforcement exception is too wide and could lead to
Back to top
10. Proposed Federal Legislation
The following bills, introduced during the current session of Congress,
are attempts to provide federal protection to health and medical information
in an age of computerization.
Currently there are several proposed laws designed specifically to protect
genetic information from misuse. For the purposes of this course, we will
highlight proposed laws that seek to protect health and medical information
1921 Health Care PIN Act
Introduced by Senator Jeffords (R-VT), this bill seeks to protect against
the unauthorized and inappropriate use of health information that is created
or maintained as part of medical treatment, health care plan administration,
or medical research. If enacted, this bill would allow individuals
to inspect and copy their individual medical information upon written request.
Additionally, this bill would require health care providers, employers,
health or life insurers, and health researchers to provide notice of their
Medical Information Privacy and Security Act (MIPSA)
Introduced by Senators Leahy (D-VT) and Kennedy (D-MA), this bill would
prohibit discrimination on the basis of all protected health information
in employment and insurance. Protected health information is defined to
include any individually identifiable information that is created during,
or becomes part of the health care treatment, diagnosis, enrollment, payment,
plan administration, testing, or research processes. In addition, every
patient would have the right to challenge the accuracy and completeness
of his or her protected health information. The bill would also establish
an Office of Health Information Privacy within the Department of Health
and Human Services.
52: Fair Health Information Practices Act of 1997
This bill is an amendment to section 552a of title 5, United States
Code to protect personally identifiable health information, as improper
use "may unfairly affect the ability of the individual to obtain employment,
education, insurance, credit, and other necessities." Representative Condit
(D-CA) offers the movement of individuals and health information across
state lines, the computerization of health information, and the emergence
of multi-state health care providers as justifications for the need for
uniform Federal law.
1367. Federal Internet Privacy Protection Act of 1997
Introduced by Representative Barrett (D-WI), this bill is designed to
prohibit Federal agencies from making available through the Internet certain
confidential records with respect to individuals, including medical history
records. It also provides for remedies in cases in which such records are
made available through the Internet.
1815. Medical Privacy in the Age of New Technologies Act of 1997
This bill, introduced by Representative McDermott (D-WA), notes the
lack of protection of health information in some states and the threats
to confidentiality posed by computerization and the possibility of unauthorized
electronic access and suggests the need for minimum Federal standards of
protection. One of the stated purposes of H.R. 1815 is to restrict the
gathering of aggregate health information for financial gain or other purposes
without obtaining the consent of each subject.
2368: Data Privacy Act of 1997
Introduced by Representative Tauzin (R-LA), this proposed act includes
a provision that restricts the use, for commercial marketing purposes,
of any personal health or medical information obtained through an interactive
computer service without the consent of the individual.
Laws by State, Electronic Privacy Information Center, Current as of
This extensive database allows users to click on any state and provides
a chart for each state's privacy legislation. If a state legislates privacy
for a certain topic (medical records is an included area), an X appears
next to the topic.
Survey of State Confidentiality Laws, with Specific Emphasis on HIV and
Immunization," Final Report Presented to the U.S. Centers for Disease
Control and Prevention, Professor Lawrence O. Gostin, J.D., LL.D. (Hon.),
Georgetown University Law Center and The Johns Hopkins School of Hygiene
and Public Health; Zita Lazzarini, J.D., M.P.H., Harvard School of Public
Health; and Kathleen M. Flaherty, J.D., Georgetown/Johns Hopkins Program
on Law and Public Health , Feb. 1997.
This report provides a thorough overview of state laws for each area
of medical privacy concern. For each sub-topic, the researchers have analyzed
how states handle privacy concerns and how many states legislate privacy
in medical records. For example, the report analyzes state laws regarding
health care information, public health data, redress of medical privacy
violations, and protection for HIV and immunization information. Below,
we provide only a small sample of the information that is available in
this report regarding medical privacy and electronic media. The report
also provides an overview of gaps in federal and state laws and provides
recommendations for new legislation.
"Computers and other electronic media are fast becoming the storage
method of choice for medical and other personal information. Despite this
fact, only twenty-two states have specific provisions regarding the protection
of confidentiality of records maintained on electronic or computerized
media. These provisions offer varying degrees of protection. Several states,
such as Tennessee, use the same standards for confidentiality of computerized
or electronic records as those applied to paper records. In other states,
including Arkansas, statutes governing confidentiality of computerized
health care information apply only to public health data; private physicians,
hospitals and other health care facilities may or may not be held to the
same definition. Oklahoma's Health Care Information System Act provides
that individual forms, computer tapes or other forms of data collected
by and furnished to the Division of Health Care Information or to a data
processor shall be confidential. Statutory protection of computerized data
may also lack specificity. Florida requires only that computerized records
be kept in accordance with "sound" record-keeping practices."
Back to top
11. Case Law
Cases involving medical records privacy generally implement a balancing
test, weighing an individual's right or expectation of privacy against
the employer's or government's need to access medical records. As you read
these cases, apply your own balancing test: do you feel that individual
privacy is being sufficiently protected?
Also, bear in mind that computer networks can collect, aggregate, and
disseminate personal medical information on a vastly increased scale. What
effect, if any, will cyberspace have on future judicial determinations
similar to these cases?
v. Roe, 429 U.S. 589 (1977)
(When you reach the Supreme Court search screen, enter 429 U.S. 589
in the citation search.)
Patients and physicians brought an action challenging the constitutionality
of New York statutes that mandated that the state be provided with a copy
of every prescription for certain drugs and that also provided security
measures to protect that information. The Supreme Court reversed a lower
court decision and held that the statutes were a reasonable exercise of
the state's broad police power. Other courts interpret this decision as
recognizing that individuals do have a limited right to privacy in their
medical records. What do you think?
United States v. Westinghouse Elec. Corp., 638 F.2d 570 (3d Cir.
1980) [full text available on Lexis/Nexis or Westlaw]
The United States sought to compel an employer--by authority of the
Occupational Safety and Health Act--to produce employee medical records.
The employer objected, raising the privacy interests of its employees and
their medical records. The Court of Appeals held that strong public interest
in facilitating research and investigations of the National Institute for
Occupational Safety and Health justified minimal intrusion into privacy
surrounding employees' medical records, and that the employer was not justified
in its blanket refusal to give the Institute access to records or in seeking
to condition their disclosure on compliance with the employer's strict
v. SEPTA 72 F.3d 1133 (3d Cir. 1995)
(When you reach the 3d Circuit search screen, enter "SEPTA" in the
party name search.)
A public employee filed suit against his employer and supervisor for
violating his right to privacy after the employer discovered that the employee
had AIDS. This discovery was made by examining records of drug purchases
made through its employee health program. The Court of Appeals recognized
a limited constitutional right to privacy in one's prescription records;
however, the Court held that the employer's need for access to employee
prescription records outweighed the employee's interest in confidentiality.
v. Lawrence 1998 WL 39209 (9th Cir.(Cal.))
(When you reach the 9th Circuit search screen, enter "Bloodsaw" in
the party name search.)
The Court of Appeals held, inter alia, that the constitutionally
protected privacy interest in avoiding disclosure of personal matters clearly
encompasses medical information and its confidentiality.
Privacy Information Center, "Minnesota Takes the Lead on Agreement to Protect
41 Million Americans,"Oct. 25, 1995.
This article describes a settlement with two of the largest health care
companies in the U.S. The settlement requires the companies to substantially
reform their methods of marketing prescription drugs. Under the terms of
the settlement, consumers must be advised about the extent to which confidential
information in their files will remain confidential, including the fact
that medical histories and prescription drug usage could be made available
to consumers' employers.
International Views Regarding Medical Privacy
Privacy Legislation in Australia. This site provides a list of
links and summaries for public and private sector privacy laws in Australia.
While these do not specifically address medical records, the laws give
some insight into the direction of Australian views with regard to privacy
European Commission, Press Release: Council
Definitively Adopts Directive on Protection of Personal Data, July
25, 1995. This press release summarizes the European Union's 1995
Gesundheit is German for health, daten is data, and schutz is protection.
Generally, the site notes that German-speaking countries (Austria, Germany,
Switzerland) have not yet addressed such issues in any systematic way,
but have begun to show concern for the protection of medical privacy. The
German and Swiss Data Protection Registrars (one each for the federal states
and one for Germany as a whole) have "issued several cautionary statements
about smart cards in the health care field which are being tested in Germany
with approval of the physicians' chamber."
Doctrine of Confidentiality, Irish Medical Journal, June/July 1997.
This article discusses current Irish judicial opinions with respect to
medical records confidentiality. Generally, it explains, "[t]he doctor's
duty of confidentiality as regards the patient's medical records, is also
governed, ethically by the Irish Medical Council's Guide to Ethical Conduct
and Behavior and Fitness to Practice, and legally by the Common Law Doctrine
of Confidentiality." It also explores the impact of electronic data on
individuals' privacy and the security of medical records.
Back to top
12. Privacy in Cyberspace Reference Library
This is a collection of readings that are relevant to the topic but didn't make it into the above discussion. Many of them are general background, others are in-depth treatments of particular topics.
What's Private and What's Not:
Social Security Numbers?
Credit Card Numbers?
What's Privacy and What's Not: Getting Personal Information
"Coping With Identity Theft"
Introduction to Cookies: How Websites Collect Your Private Information
Whose Privacy Is At Risk?
Whose Privacy Is At Risk?
Whose Privacy Is At Risk?
Privacy Protection Via Voluntary Initiatives:
Platform for Privacy Preferences (P3P)
Privacy Protection Via Voluntary Initiatives: TRUSTe
Privacy Protection Via Voluntary Initiatives: Privacy Watchdog
Privacy Protection Technologies: Encryption
Privacy Protection Technologies: Anonymous Remailers
Privacy Protection Technologies: Anonymous Remailers
Privacy Protection Under the Law:
Privacy Protection Under the Law: Marital Privacy and the Right to Procreate
Privacy Protection Under the Law: A Right to Anonymity?
Privacy Protection Under the Law: Existing Congressional Legislation
Pending Congressional Legislation:
Pending Congressional Legislation:
Pending Congressional Legislation: United States Senate
Privacy Protection Under the Law: State Tort Law (US)
Privacy Protection Under the Law: European Union
In the News: Pentium III
Pentium III: Privacy Advocates Protest
Pentium III: Privacy Advocates Protest Vigorously
Pentium III: Congress Gets in on the Act
Pentium III: Congress gets in on the Act
Pentium III: Intel Changes Chip
Novell to Offer Data-Privacy Technology fo
John Markoff, When Privacy Is More Perilous Than the Lack of It
Andrew Shapiro, Wired News, 4/23/1998, "The Netizen: Drudge Match"
David Potts, "What is Libel and Other Questions"
Additional reference links on online libel and defamation.
Courtney Macavinta, C|Net News, 2/2/1999, "Abortion 'hitlist' slammed in court"
"Planned Parenthood Wins Injunction in Oregon Case; Judge Orders American Coalition of Life Activists to Stop Threats 'To Bodily Harm, Assault, or Kill' Abortion Providers"
C|Net News, 3/12/1999, "Abortion site causes free speech firestorm"
Home page for the Loudoun County Public Library.
Back to top
Prepared: June12, 2000 - 12:02:29 PM