Can a Duty of Information Security Become Special Protection for Sensitive Data Under US Law?
Jane K. Winn
University of Washington - School of Law
September 9, 2008
The US has taken a sectoral approach to information privacy law, resulting in a patchwork of different information privacy rights that vary widely in their scope and strength, and lacks either a general right of data protection or special protections for a defined category of sensitive data. A sectoral approach to information security law is now emerging in the US, and it is producing a patchwork of different duties to protect the security of certain types of personal information. When US information privacy law and information security law are considered together, what appears to be emerging is a de facto category of sensitive data, namely personal information that is subject to stringent information security requirements. Unlike the de jure concept of sensitive data defined by EU law which is intended to block the collection, processing or transfer of certain categories of personal information in order to guarantee fundamental dignitary interests, the new US duty to secure sensitive information represents a minor modification of the current practice of treating personal financial information as a commodity.
Number of Pages in PDF File: 11
Keywords: privacy, data protection, information security, sensitive data, information privacyworking papers series
Date posted: September 11, 2008 ; Last revised: August 1, 2011
© 2013 Social Science Electronic Publishing, Inc. All Rights Reserved.
This page was processed by apollo4 in 0.781 seconds