by Unknown
and on behalf of any of its affiliates in accordance with this
paragraph is deemed to be compliance with this paragraph
by each of those affiliates.
(6)
Notification system by agencies that operate nationwide
Each consumer reporting agency that compiles and maintains files
on consumers on a nationwide basis shall establish and maintain a
notification system for purposes of paragraph (5) jointly with other
such consumer reporting agencies.
(f) Certain use or obtaining of information prohibited
A person shall not use or obtain a consumer report for any purpose
unless—
(1) the consumer report is obtained for a purpose for which the con-
sumer report is authorized to be furnished under this section; and
(2) the purpose is certified in accordance with section 1681e of this
title by a prospective user of the report through a general or spe-
cific certification.
(g) Protection of medical information
(1) Limitation on consumer reporting agencies
A consumer reporting agency shall not furnish for employment
purposes, or in connection with a credit or insurance transaction,
a consumer report that contains medical information (other than
medical contact information treated in the manner required under
section 1681c (a)(6) of this title) about a consumer, unless—
(A) if furnished in connection with an insurance transaction,
the consumer affirmatively consents to the furnishing of
the report;
(B) if furnished for employment purposes or in connection
with a credit transaction
(i) the information to be furnished is relevant to process or
effect the employment or credit transaction; and
(ii) the consumer provides specific written consent for the
furnishing of the report that describes in clear and
conspicuous language the use for which the informa-
tion will be furnished; or
(C) the information to be furnished pertains solely to transac-
tions, accounts, or balances relating to debts arising from
the receipt of medical services, products, or devises, where
such information, other than account status or amounts,
is restricted or reported using codes that do not identify,
450
Appendix D: Consumer and Credit Data Privacy Laws
or do not provide information sufficient to infer, the spe-
cific provider or the nature of such services, products, or
devices, as provided in section 1681c (a)(6) of this title.
(2)
Limitation on creditors
Except as permitted pursuant to paragraph (3)(C) or regulations
prescribed under paragraph (5)(A), a creditor shall not obtain or
use medical information (other than medical information treated
in the manner required under section 1681c (a)(6) of this title) per-
taining to a consumer in connection with any determination of the
consumer’s eligibility, or continued eligibility, for credit.
(3)
Actions authorized by Federal law, insurance activities and
regulatory determinations
Section 1681a (d)(3) of this title shall not be construed so as to
treat information or any communication of information as a con-
sumer report if the information or communication is disclosed—
(A) in connection with the business of insurance or annui-
ties, including the activities described in section 18B of
the model Privacy of Consumer Financial and Health
Information Regulation issued by the National Association
of Insurance Commissioners (as in effect on January
1, 2003);
(B) for any purpose permitted without authorization under the
Standards for Individual y Identifiable Health Information
promulgated by the Department of Health and Human
Services pursuant to the Health Insurance Portability and
Accountability Act of 1996, or referred to under section 1179
of such Act, or described in section 6802 (e) of this title; or
(C) as otherwise determined to be necessary and appropriate,
by regulation or order and subject to paragraph (6), by the
Commission, any Federal banking agency or the National
Credit Union Administration (with respect to any finan-
cial institution subject to the jurisdiction of such agency
or Administration under paragraph (1), (2), or (3) of sec-
tion 1681s (b) of this title, or the applicable State insurance
authority (with respect to any person engaged in providing
insurance or annuities).
(4)
Limitation on redisclosure of medical information
Any person that receives medical information pursuant to
paragraph (1) or (3) shall not disclose such information to any other
person, except as necessary to carry out the purpose for which the
information was initially disclosed, or as otherwise permitted by
statute, regulation, or order.
Appendix D: Consumer and Credit Data Privacy Laws
451
(5)
Regulations and effective date for paragraph (2)
(A)
Regulations required
Each Federal banking agency and the National Credit Union
Administration shal , subject to paragraph (6) and after notice
and opportunity for comment, prescribe regulations that per-
mit transactions under paragraph (2) that are determined
to be necessary and appropriate to protect legitimate opera-
tional, transactional, risk, consumer, and other needs (and
which shall include permitting actions necessary for admin-
istrative verification purposes), consistent with the intent of
paragraph (2) to restrict the use of medical information for
inappropriate purposes.
(B)
Final regulations required
The Federal banking agencies and the National Credit Union
Administration shall issue the regulations required under
subparagraph (A) in final form before the end of the 6-month
period beginning on December 4, 2003.
(6)
Coordination with other laws
No provision of this subsection shall be construed as altering,
affecting, or superseding the applicability of any other provision of
Federal law relating to medical confidentiality.
§ 1681c. Requirements relating to information contained in consumer
reports
§ 1681c-1. Identity theft prevention; fraud alerts and active duty alerts
§ 1681c-2. Block of information resulting from identity theft
§ 1681d. Disclosure of investigative consumer reports
§ 1681e. Compliance procedures
§ 1681f. Disclosures to governmental agencies
§ 1681g. Disclosures to consumers
§ 1681h. Conditions and form of disclosure to consumers
§ 1681i. Procedure in case of disputed accuracy
§ 1681j. Charges for certain disclosures
§ 1681k. Public record information for employment purposes
§ 1681l. Restrictions on investigative consumer reports
§ 1681m. Requirements on users of consumer reports
§ 1681n. Civil liability for willful noncompliance
§ 1681o. Civil liability for negligent noncompliance
§ 1681p. Juri
sdiction of courts; limitation of actions
§ 1681q. Obtaining information under false pretenses
§ 1681r. Unauthorized disclosures by officers or employees
§ 1681s. Administrative enforcement
§ 1681s-1. Information on overdue child support obligations
452
Appendix D: Consumer and Credit Data Privacy Laws
§ 1681s-2. Responsibilities of furnishers of information to consumer
reporting agencies
§ 1681s-3. Affiliate sharing
§ 1681t. Relation to State laws
§ 1681u. Disclosures to FBI for counterintelligence purposes
§ 1681v. Disclosures to governmental agencies for counterterrorism
purposes
§ 1681w. Disposal of records
§ 1681x. Corporate and technological circumvention prohibited
Federal Trade Commission Act of 1914 (15 U.S.C. §§ 41–51)
Subchapter I: Federal Trade Commission
§ 41. Federal Trade Commission Established; Membership; Vacancies;
Seal
§ 42. Employees; Expenses
§ 43. Office and Place of Meeting
§ 44. Definitions
§ 45.
Unfair Methods of Competition Unlawful; Prevention by
Commission
§ 45a. Labels on Products
§ 46. Additional Powers of Commission
§ 46a. Concurrent Resolution Essential to Authorize Investigations
§ 47. Reference of Suits under Antitrust Statutes to Commission
§ 48. Information and Assistance from Departments
§ 49. Documentary Evidence; Depositions; Witnesses
§ 50. Offenses and Penalties
Any person who shall neglect or refuse to attend and testify, or to answer any lawful inquiry, or to produce any documentary evidence, if in his power to do so, in obedience to an order of a district court of the United States directing compliance with the subpoena or lawful requirement of the commission, shall be guilty of an offense and upon conviction thereof by a court of competent jurisdiction shall be punished by a fine of not less than $1000 nor more than $5000, or by imprisonment for not more than 1 year, or by both such
fine and imprisonment.
Any person who shall willfully make, or cause to be made, any false
entry or statement of fact in any report required to be made under this subchapter; or who shall willfully make, or cause to be made, any false entry in any account, record, or memorandum kept by any person, partnership,
or corporation subject to this subchapter; or who shall willfully neglect or fail to make, or to cause to be made, full, true, and correct entries in such
Appendix D: Consumer and Credit Data Privacy Laws
453
accounts, records, or memoranda of all facts and transactions appertaining to the business of such person, partnership, or corporation; or who shall willfully remove out of the jurisdiction of the United States, or willfully mutilate, alter, or by any other means falsify any documentary evidence of such person, partnership, or corporation; or who shall willfully refuse to submit to the commission or to any of its authorized agents, for the purpose of inspection and taking copies, any documentary evidence of such person, partnership, or corporation in his possession or within his control shall be deemed guilty of an offense against the United States and shall be subject, upon conviction in any court of the United States of competent jurisdiction, to a fine of not less than $1000 nor more than $5000, or to imprisonment for a term of not more than 3 years, or to both such fine and imprisonment.
If any person, partnership, or corporation required by this subchapter to file any annual or special report shall fail to do so within the time fixed by the commission for filing the same, and such failure shall continue for 30 days after notice of such default, the corporation shall forfeit to the United States the sum of $100 for each and every day of the continuance of such failure, which forfeiture shall be payable into the treasury of the United States and shall be recoverable in a civil suit in the name of the United States brought in the case of a corporation or partnership in the district where the corporation or partnership has its principal office or in any district in which it shall do business, and in the case of any person in the district where such person resides or has his principal place of business. It shall be the duty of the various United States attorneys, under the direction of the attorney general of the United States, to prosecute for the recovery of the forfeitures. The costs and expenses of such prosecution shall be paid out of the appropriation for the expenses of the courts of the United States.
Any officer or employee of the commission who shall make public
any information obtained by the commission without its authority, unless
directed by a court, shall be deemed guilty of a misdemeanor and, upon
conviction thereof, shall be punished by a fine not exceeding $5000, or by imprisonment not exceeding 1 year, or by fine and imprisonment, in the
discretion of the court.
§ 51. Effect on Other Statutory Provisions
§ 52. Dissemination of False Advertisements
§ 53. False Advertisements; Injunctions and Restraining Orders
§ 54. False Advertisements; Penalties
§ 55. Additional Definitions
§ 56.
Commencement, Defense, Intervention, and Supervision of
Litigation and Appeal by Commission or Attorney General
§ 57. Separability Clause
§ 57a. Unfair or Deceptive Acts or Practices Rulemaking Proceedings
454
Appendix D: Consumer and Credit Data Privacy Laws
§ 57a-1. Omitted
§ 57b. Civil Actions for Violations of Rules and Cease and Desist Orders Respecting Unfair or Deceptive Acts or Practices
§ 57b-1. Civil Investigative Demands
§ 57b-2. Confidentiality
§ 57b-2a. Confidentiality and Delayed Notice of Compulsory Process
for Certain Third Parties
§ 57b-2b. Protection for Voluntary Provision of Information
§ 57b-3. Rulemaking Process
§ 57b-4. Good Faith Reliance on Actions of Board of Governors
§ 57b-5. Agricultural Cooperatives
§ 57c. Authorization of Appropriations
§ 57c-1. Staff Exchanges
§ 57c-2. Reimbursement of Expenses
§ 58. Short Title
Health Insurance Portability and
Accountability Act (HIPAA)
HIPAA is found in 29 U.S.C. 1181, 42 U.S.C. 1320, and 42 U.S.C. 1395. The Privacy Rule is located at 45 C.F.R. Part 160 and Subparts A and E of Part
164 (the Code of Federal Regulations).
The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and
applies to health plans, health-care clearinghouses, and those health-care providers that conduct certain health-care transactions electronically. The rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The rule
also gives patients rights over their health information, including rights to examine and obtain a copy of their health records and to request corrections.
Jencks Act (18 U.S.C. 3500)
Jencks Act 18 U.S.C. 3500 and 3504
§ 3500. Demands for Production of Statements
and Reports of Witnesses
(a) In any criminal prosecution brought by the United States, no state-
ment or report in the possession of the United States, which was
made by a government witness or prospective government witness
Appendix D: Consumer and Credit Data Privacy Laws
455
(other than the defendant), shall be the subject of subpoena, discov-<
br />
ery, or inspection until the said witness has testified on direct exami-
nation in the trial of the case.
(b) After a witness called by the United States has testified on direct
examination, the court shall, on motion of the defendant, order the
United States to produce any statement (as hereinafter defined) of
the witness in the possession of the United States, which relates to
the subject matter as to which the witness has testified. If the entire
contents of any such statement relate to the subject matter of the tes-
timony of the witness, the court shall order it to be delivered directly
to the defendant for his examination and use.
(c) If the United States claims that any statement ordered to be pro-
duced under this section contains matter that does not relate to the
subject matter of the testimony of the witness, the court shall order
the United States to deliver such statement for the inspection of the
court in camera. Upon such delivery, the court shall excise the por-
tions of such statement that do not relate to the subject matter of
the testimony of the witness. With such material excised, the court
shall then direct delivery of such statement to the defendant for
his use. If, pursuant to such procedure, any portion of such state-
ment is withheld from the defendant and the defendant objects to
such withholding, and the trial is continued to an adjudication of
the guilt of the defendant, the entire text of such statement shall
be preserved by the United States and, in the event the defendant
appeals, shall be made available to the appellate court for the pur-
pose of determining the correctness of the ruling of the trial judge.
Whenever any statement is delivered to a defendant pursuant to
this section, the court in its discretion, upon application of the said
defendant, may recess proceedings in the trial for such time as it
may determine to be reasonably required for the examination of
such statement by the said defendant and his preparation for its use
in the trial.
(d) If the United States elects not to comply with an order of the court under subsection (b) or (c) hereof to deliver to the defendant any
such statement, or such portion thereof as the court may direct,