The National Academies Press

Currently Skimming:

Pages 15-22

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 15... ... TCRP LRD 59 15 regulations on both the federal and state level deal with the storage and use of an individual's PII and confidential and sensitive information, such as medical and financial records. Data protection law covers protected categories and types of data, when protection arises, and permissible uses or disclosures. Read the entire page →
From page 16... ... 16 TCRP LRD 59 ceed on the merits for several reasons. First, to help maintain the confidentiality of electronic trip data, the contracts with the technology system vendors included a provision specifically prohibiting vendors from disclosing the location of a taxicab while it is off-duty to anyone, including the New York City TLC.91 Second, citing Knotts, the court found that there likely is "no legitimate expectation of privacy" in the taxicab context at issue, and the Fourth Amendment protection against unreasonable searches and seizures "depends on whether the person invoking its protection can claim a ‘justifiable,' ‘reasonable' or ‘legitimate expectation of privacy' that has been invaded by government action."92 Third, the Alexandre court found that a person's privacy interests are not absolute and "can be overcome by a sufficiently weighty government purpose."93 The Court of Appeals for the Second Circuit had applied "intermediate level scrutiny" in evaluating regulations analogous to the taxi GPS rules considered in Alexandre.94 The court found that the use of GPS technology appeared to outweigh any burdened privacy rights because the technology was required to improve taxi service for the public good by using "modern methods." The court also ruled that medallion owners who choose to engage in a "publicly regulated business" surrender their rights to unfettered discretion and denied the preliminary injunction. Read the entire page →
From page 17... ... TCRP LRD 59 17 C Federal Laws Protecting Personal Information in Government Records Both federal and state laws protect personal information in government records. Read the entire page →
From page 18... ... 18 TCRP LRD 59 (2) the right to amend a nonexempt record if it is in accurate, irrelevant, untimely, or incomplete; and (3) Read the entire page →
From page 19... ... TCRP LRD 59 19 a transaction covered by this subchapter."121 A health care provider means a provider of medical or health services and "any other person or organization who furnishes, bills, or is paid for health care in the normal course of business."122 "Doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies are health care providers;" transit agencies are not, even if they obtain PHI from a covered entity such as a hospital.123 Therefore, HIPAA does not apply to transit agencies unless they meet HIPAA's criteria for being a business associate of a covered entity. A separate Legal Digest on How the HIPAA and Other Privacy Laws Affect Public Transportation Operations concluded: [A] Read the entire page →
From page 20... ... 20 TCRP LRD 59 charges that the company deceived consumers about its privacy and data security practices.137 E State Data Privacy Laws States have different definitions for personal information and regulations regarding protection of such information in government data. Read the entire page →
From page 21... ... TCRP LRD 59 21 pleteness that is necessary to assure fairness in any determination made with respect to a person on the basis of the information; • Take reasonable precautions to protect personal information in the system from unauthorized modification, destruction, use, or disclosure; • Collect, maintain, and use only personal information that is necessary and relevant to the functions that the agency is required or authorized to perform by statute, ordinance, code, or rule, and eliminate personal information from the system when it is no longer necessary and relevant to those functions. 146 The Ohio Privacy Act establishes a private right of action for a person who is harmed by the use of personal information that is maintained in a personal information system. Read the entire page →
From page 22... ... 22 TCRP LRD 59 F Transit Agency Regulations, Policies, and Procedures for Data Privacy and Protection Data collection poses significant risks to personal privacy and threats to innovation and competition. Read the entire page →

From page 15...

... TCRP LRD 59 15 regulations on both the federal and state level deal with the storage and use of an individual's PII and confidential and sensitive information, such as medical and financial records. Data protection law covers protected categories and types of data, when protection arises, and permissible uses or disclosures.

Read the entire page →

From page 16...

... 16 TCRP LRD 59 ceed on the merits for several reasons. First, to help maintain the confidentiality of electronic trip data, the contracts with the technology system vendors included a provision specifically prohibiting vendors from disclosing the location of a taxicab while it is off-duty to anyone, including the New York City TLC.91 Second, citing Knotts, the court found that there likely is "no legitimate expectation of privacy" in the taxicab context at issue, and the Fourth Amendment protection against unreasonable searches and seizures "depends on whether the person invoking its protection can claim a ‘justifiable,' ‘reasonable' or ‘legitimate expectation of privacy' that has been invaded by government action."92 Third, the Alexandre court found that a person's privacy interests are not absolute and "can be overcome by a sufficiently weighty government purpose."93 The Court of Appeals for the Second Circuit had applied "intermediate level scrutiny" in evaluating regulations analogous to the taxi GPS rules considered in Alexandre.94 The court found that the use of GPS technology appeared to outweigh any burdened privacy rights because the technology was required to improve taxi service for the public good by using "modern methods." The court also ruled that medallion owners who choose to engage in a "publicly regulated business" surrender their rights to unfettered discretion and denied the preliminary injunction.

Read the entire page →

From page 17...

... TCRP LRD 59 17 C Federal Laws Protecting Personal Information in Government Records Both federal and state laws protect personal information in government records.

Read the entire page →

From page 18...

... 18 TCRP LRD 59 (2) the right to amend a nonexempt record if it is in accurate, irrelevant, untimely, or incomplete; and (3)

Read the entire page →

From page 19...

... TCRP LRD 59 19 a transaction covered by this subchapter."121 A health care provider means a provider of medical or health services and "any other person or organization who furnishes, bills, or is paid for health care in the normal course of business."122 "Doctors, clinics, psychologists, dentists, chiropractors, nursing homes, and pharmacies are health care providers;" transit agencies are not, even if they obtain PHI from a covered entity such as a hospital.123 Therefore, HIPAA does not apply to transit agencies unless they meet HIPAA's criteria for being a business associate of a covered entity. A separate Legal Digest on How the HIPAA and Other Privacy Laws Affect Public Transportation Operations concluded: [A]

Read the entire page →

From page 20...

... 20 TCRP LRD 59 charges that the company deceived consumers about its privacy and data security practices.137 E State Data Privacy Laws States have different definitions for personal information and regulations regarding protection of such information in government data.

Read the entire page →

From page 21...

... TCRP LRD 59 21 pleteness that is necessary to assure fairness in any determination made with respect to a person on the basis of the information; • Take reasonable precautions to protect personal information in the system from unauthorized modification, destruction, use, or disclosure; • Collect, maintain, and use only personal information that is necessary and relevant to the functions that the agency is required or authorized to perform by statute, ordinance, code, or rule, and eliminate personal information from the system when it is no longer necessary and relevant to those functions. 146 The Ohio Privacy Act establishes a private right of action for a person who is harmed by the use of personal information that is maintained in a personal information system.

Read the entire page →

From page 22...

... 22 TCRP LRD 59 F Transit Agency Regulations, Policies, and Procedures for Data Privacy and Protection Data collection poses significant risks to personal privacy and threats to innovation and competition.

Read the entire page →

Key Terms

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.