Chapter 2: U.S. Legal Framework
Six Keys to Understanding Any Law
Analyze any privacy law with six questions: who is covered, what information and uses are covered, what is required or prohibited, who enforces the law, what happens if you don't comply, and why the law exists. The first two define scope.
- Who is covered by this law?
- What types of information (and uses) are covered?
- What exactly is required or prohibited?
- Who enforces the law?
- What happens if I don't comply?
- Why does this law exist?
Group the six questions
Questions 1-2 define scope; question 3 is how to comply; questions 4-5 assess risk of noncompliance; question 6 reveals the spirit of the law and helps anticipate trends.
The chapter notes that in rare cases a company may rationally conclude the costs of compliance outweigh the risks of noncompliance for a limited time - for example, when a noncompliant system will be replaced within months anyway.
Key terms - quick answers
What is “Scope of a law”?
Defined by who is covered and what information or uses are covered - the first two of the six key questions.