Page 280 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 280

U.S. Privacy Law

               Although there is no constitutional guarantee of privacy, a myriad of
               federal laws (many enacted in recent years) are designed to protect the

               private information the government maintains about citizens as well
               as key portions of the private sector such as financial, educational, and
               healthcare institutions. In the following sections, we’ll examine a
               number of these federal laws.

               Fourth Amendment The basis for privacy rights is in the Fourth
               Amendment to the U.S. Constitution. It reads as follows:


                   The right of the people to be secure in their persons, houses, papers,
                   and effects, against unreasonable searches and seizures, shall not
                   be violated, and no warrants shall issue, but upon probable cause,
                   supported by oath or affirmation, and particularly describing the
                   place to be searched, and the persons or things to be seized.


               The direct interpretation of this amendment prohibits government
               agents from searching private property without a warrant and
               probable cause. The courts have expanded their interpretation of the
               Fourth Amendment to include protections against wiretapping and
               other invasions of privacy.

               The Privacy Act of 1974 is perhaps the most significant piece of privacy

               legislation restricting the way the federal government may deal with
               private information about individual citizens. It severely limits the
               ability of federal government agencies to disclose private information
               to other people or agencies without the prior written consent of the
               affected individuals. It does provide for exceptions involving the
               census, law enforcement, the National Archives, health and safety, and
               court orders.


               Privacy Act of 1974 The Privacy Act mandates that agencies
               maintain only the records that are necessary for conducting their
               business and that they destroy those records when they are no longer
               needed for a legitimate function of government. It provides a formal
               procedure for individuals to gain access to records the government
               maintains about them and to request that incorrect records be
               amended.
   275   276   277   278   279   280   281   282   283   284   285