Video Privacy Protection Act
18 U.S.C. § 2710 et seq.
Section 2710 Wrongful disclosure of video tape rental or sale records
(a) Definitions -- For purposes of this section --
(1) the term "consumer" means any renter, purchaser, or subscriber of goods or services from a video tape service provider;
(2) the term "ordinary course of business" means only debt collection activities, order fulfillment, request processing, and the transfer of ownership;
(3) the term "personally identifiable information" includes information which identifies a person as having requested or obtained specific video materials or services from a video tape service provider; and
(4) the term "video tape service provider" means any person, engaged in the business, in or affecting interstate or foreign commerce, of rental, sale, or delivery of prerecorded video cassette tapes or similar audio visual materials, or any person or other entity to whom a disclosure is made under sub-paragraph (D) or (E) of subsection(b)(2), but only with respect to the information contained in the disclosure.
(b) Video Tape Rental and Sale Records -- (1) A video tape service provider who knowingly discloses, to any person, personally identifiable information concerning any consumer of such provider shall be liable to the aggrieved person for the relief provided in subsection (d).
(2) A video tape service provider may disclose personally identifiable information concerning any consumer --
(A) to the consumer;
(B) to any person with the informed, written consent of the consumer given at the time the disclosure is sought;
(C) to a law enforcement agency pursuant to a warrant issued under the Federal Rules of Criminal Procedure, an equivalent State warrant, a grand jury subpoena, or a court order;
(D) to any person if the disclosure is solely of the names and addresses of consumers and if --
(i) the video tape service provider has provided the consumer with the opportunity, in a clear and conspicuous manner, to prohibit such disclosure; and
(ii) the disclosure does not identify the title, description, or subject matter of any video tapes or other audio visual material; however, the subject matter of such materials may be disclosed if the disclosure is for the exclusive use of marketing goods and services directly to the consumer;
(E) to any person if the disclosure is incident to the ordinary course of business of the video tape service provider; or
(F) pursuant to a court order, in a civil proceeding, upon a showing of compelling need for the information that cannot be accommodated by any other means, if --
(i) the consumer is given reasonable notice, by the person seeking the disclosure, of the court proceeding relevant to the issuance of the court order; and
(ii) the consumer is afforded the opportunity to appear and contest the claim of the person seeking the disclosure. If an order is granted pursuant to sub-paragraph (C) or (F), the court shall impose appropriate safeguards against unauthorized disclosure.
(3) Court orders authorizing disclosure under sub-paragraph (C) shall issue only with prior notice to the consumer and only if the law enforcement agency shows that there is probable cause to believe that the records or other information sought are relevant to a legitimate law enforcement inquiry. In the case of a State government authority, such a court order shall not issue if prohibited by the law of such State. A court issuing an order pursuant to this section, on a motion made promptly by the videotape service provider, may quash or modify such order if the information or records requested are unreasonably voluminous in nature or if compliance with such order otherwise would cause an unreasonable burden on such provider.
(c) Civil Action -- (1) Any person aggrieved by any act of a person in violation of this section may bring a civil action in a United States district court.
(2) The court may award --
(A) actual damages but not less than liquidated damages in an amount of $2,500;
(B) punitive damages;
(C) reasonable attorneys' fees and other litigation costs reasonably incurred; and
(D) such other preliminary and equitable relief as the court determines to be appropriate.
(3) No action may be brought under this subsection unless such action is begun within 2 years from the date of the act complained of or the date of discovery.
(4) No liability shall result from lawful disclosure permitted by this section.
(d) Personally Identifiable Information -- Personally identifiable information obtained in any manner other than as provided in this section shall not be received into evidence in any trial, hearing, arbitration, or other proceeding in or before any court, grand jury, department, officer, agency, regulatory body, legislative committee, or other authority of the United States, a State, or a political subdivision of a State.
(e) Destruction of Old Records -- A person subject to this section shall destroy personally identifiable information as soon as practicable, but no later than one year from the date the information is no longer necessary for the purpose for which it was collected and there are no pending requests or orders for access to such information under subsection (b)(2) or (c)(2)or pursuant to a court order.
(f) Preemption -- The provisions of this section preempt only the provisions of State or local law that require disclosure prohibited by this section.
SOCIAL SECURITY NUMBER USAGE
Section 7 of the Privacy Act (found at 5 U.S.C. § 552a note (Disclosure of Social Security Number)) provides that: "It shall be unlawful for any Federal, State or local government agency to deny to any individual any right, benefit, or privilege provided by law because of such individual's refusal to disclose his social security account number." Sec. 7(a)(1).
§ 2703. Required disclosure of customer communications or records
(a) Contents of Wire or Electronic Communications in Electronic Storage.?A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction. A governmental entity may require the disclosure by a provider of electronic communications services of the contents of a wire or electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days by the means available under subsection (b) of this section.
(b) Contents of Wire or Electronic Communications in a Remote Computing Service.-
(1) A governmental entity may require a provider of remote computing service to disclose the contents of any wire or electronic communication to which this paragraph is made applicable by paragraph (2) of this subsection-
(A) without required notice to the subscriber or customer, if the governmental entity obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction; or
(B) with prior notice from the governmental entity to the subscriber or customer if the governmental entity-
(i) uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena; or
(ii) obtains a court order for such disclosure under subsection (d) of this section;
except that delayed notice may be given pursuant to section 2705 of this title.
(2) Paragraph (1) is applicable with respect to any wire or electronic communication that is held or maintained on that service -
(A) on behalf of, and received by means of electronic transmission from (or created by means of computer processing of communications received by means of electronic transmission from), a subscriber or customer of such remote computing service; and
(B) solely for the purpose of providing storage or computer processing services to such subscriber or customer, if the provider is not authorized to access the contents of any such communications for purposes of providing any services other than storage or computer processing.
(c) Records Concerning Electronic Communication Service or Remote Computing Service. -
(1) A governmental entity may require a provider of electronic communication service or remote computing service to disclose a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications) only when the governmental entity -
(A) obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction;
(B) obtains a court order for such disclosure under subsection (d) of this section;
(C) has the consent of the subscriber or customer to such disclosure;
(D) submits a formal written request relevant to a law enforcement investigation concerning telemarketing fraud for the name, address, and place of business of a subscriber or customer of such provider, which subscriber or customer is engaged in telemarketing (as such term is defined in section 2325 of this title); or
(E) seeks information under paragraph (2).
(2) A provider of electronic communication service or remote computing service shall disclose to a governmental entity the-
(C) local and long distance telephone connection records, or records of session times and durations;
(D) length of service (including start date) and types of service utilized;
(E) telephone or instrument number or other subscriber number or identity, including any temporarily assigned network address; and
(F) means and source of payment for such service (including any credit card or bank account number),
of a subscriber to or customer of such service when the governmental entity uses an administrative subpoena authorized by a Federal or State statute or a Federal or State grand jury or trial subpoena or any means available under paragraph (1).
(3) A governmental entity receiving records or information under this subsection is not required to provide notice to a subscriber or customer.
(d) Requirements for Court Order. - A court order for disclosure under subsection (b) or (c) may be issued by any court that is a court of competent jurisdiction and shall issue only if the governmental entity offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation. In the case of a State governmental authority, such a court order shall not issue if prohibited by the law of such State.
A court issuing an order pursuant to this section, on a motion made promptly by the service provider, may quash or modify such order, if the information or records requested are unusually voluminous in nature or compliance with such order otherwise would cause an undue burden on such provider.
(e) No Cause of Action Against a Provider Disclosing Information Under This Chapter. - No cause of action shall lie in any court against any provider of wire or electronic communication service, its officers, employees, agents, or other specified persons for providing information, facilities, or assistance in accordance with the terms of a court order, warrant, subpoena, statutory authorization, or certification under this chapter.
(f) Requirement To Preserve Evidence.?
(1) In general. - A provider of wire or electronic communication services or a remote computing service, upon the request of a governmental entity, shall take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process.
(2) Period of retention. - Records referred to in paragraph (1) shall be retained for a period of 90 days, which shall be extended for an additional 90-day period upon a renewed request by the governmental entity.
(g) Presence of Officer Not Required.? Notwithstanding section 3105 of this title, the presence of an officer shall not be required for service or execution of a search warrant issued in accordance with this chapter requiring disclosure by a provider of electronic communications service or remote computing service of the contents of communications or records or other information pertaining to a subscriber to or customer of such service.
California Online Privacy Protection Act of 2003, Cal. Bus. & Prof. Code § 22575 ? 22579
(1) Identify the categories of personally identifiable information that the operator collects
through the Web site or online service about individual consumers who use or visit its
commercial Web site or online service and the categories of third-party persons or entities
with whom the operator may share that personally identifiable information.
(2) If the operator maintains a process for an individual consumer who uses or visits its
commercial Web site or online service to review and request changes to any of his or her
personally identifiable information that is collected through the Web site or online service,
provide a description of that process.
(3) Describe the process by which the operator notifies consumers who use or visit its
for that Web site or online service.
(4) Identify its effective date.
(a) Knowingly and willfully.
(b) Negligently and materially.
22577. For the purposes of this chapter, the following definitions apply:
(a) The term "personally identifiable information" means individually identifiable information
about an individual consumer collected online by the operator from that individual and
maintained by the operator in an accessible form, including any of the following:
(1) A first and last name.
(2) A home or other physical address, including street name and name of a city or town.
(3) An e-mail address.
(4) A telephone number.
(5) A social security number.
(6) Any other identifier that permits the physical or online contacting of a specific individual.
(7) Information concerning a user that the Web site or online service collects online from the
user and maintains in personally identifiable form in combination with an identifier
described in this subdivision.
or first significant page after entering the Web site.
icon is located on the homepage or the first significant page after entering the Web site,
and if the icon contains the word "privacy." The icon shall also use a color that contrasts
with the background color of the Web page or is otherwise distinguishable.
the text link is located on the homepage or first significant page after entering the Web
site, and if the text link does one of the following:
(A) Includes the word "privacy."
(B) Is written in capital letters equal to or greater in size than the surrounding text.
(C) Is written in larger type than the surrounding text, or in contrasting type, font, or color to
the surrounding text of the same size, or set off from the surrounding text of the same size
by symbols or other marks that call attention to the language.
(4) Any other functional hyperlink that is so displayed that a reasonable person would notice
(5) In the case of an online service, any other reasonably accessible means of making the
(c) The term "operator" means any person or entity that owns a Web site located on the
Internet or an online service that collects and maintains personally identifiable information
from a consumer residing in California who uses or visits the Web site or online service if
the Web site or online service is operated for commercial purposes. It does not
include any third party that operates, hosts, or manages, but does not own, a Web site or
online service on the owner's behalf or by processing information on behalf of the owner.
(d) The term "consumer" means any individual who seeks or acquires, by purchase or lease,
any goods, services, money, or credit for personal, family, or household purposes.
22579. This chapter shall become operative on July 1, 2004.
California Information Practices Act of 1977
1798.1. The Legislature declares that the right to privacy is a personal and fundamental right protected by Section 1 of Article I of the Constitution of California and by the United States Constitution and that all individuals have a right of privacy in information pertaining to them. The Legislature further makes the following findings:
(a) The right to privacy is being threatened by the indiscriminate collection, maintenance, and
dissemination of personal information and the lack of effective laws and legal remedies.
(b) The increasing use of computers and other sophisticated information technology has
greatly magnified the potential risk to individual privacy that can occur from the
maintenance of personal information.
(c) In order to protect the privacy of individuals, it is necessary that the maintenance and
dissemination of personal information be subject to strict limits.
This policy does not apply to the practices of companies that YAMW does not own or control, or to people that YAMW does not employ or manage. In addition, some companies that YAMW uses their proprietary web-based solutions have their own, preexisting privacy policies which may be viewed in our proprietary solutions section (see below).
The YAMW Services are used by both businesses (incorporated or otherwise) ("Businesses") who register for the YAMW Services and by the customers and/or potential customers of such Businesses ("Consumers"). We collect information from the Businesses and Consumers and we also collect information in connection with the operation, maintenance and usage of the YAMW Services.
By using or accessing the YAMW Service(s), you are accepting and agreeing to the practices described in this Privacy and Security Policy.
Information You Post
In connection with the YAMW Services, Businesses and/or Consumers may choose to upload, publish or otherwise display, or share with others (collectively, "post") certain material, including contact information, photos, personal information, messages, notes, text, and/or any other content (collectively the "User Content") on or through the YAMW Services. You agree that you are posting the User Content at your own risk and YAMW and its partners or agents are not responsible for the use, confidentiality, disclosure or security of such User Content; This Privacy and Security Policy is not applicable to User Content you publicly post.
The Types of Information We Collect
Registration Information for Businesses: When a Business registers to use the YAMW Services, in the registration process, YAMW collects certain registration information from the representative of the Business, including the Business name, a user name and password to be used by the Business representative, and other the contact information for the Business representative, such as email, address and telephone number, etc. (collectively "Registration Information").
Billing Information: When a Business purchases fee-based services/products from YAMW, YAMW will also collect billing information from the Business representative, such as credit card number(s) ("Billing Information").
Other Information Collected from Businesses and Consumers in Connection with YAMW Service Offerings:
a. Information about the Business Operations: In connection with the YAMW Services, YAMW may also collect certain information about the Business and its operations, including, the geographic location of the Business, the services and/or products offered by the Business, a general description of the Business operations (including hours of operation), pricing, policies, names of staff members/contractors, contact information for staff members/contractors (including but not limited to email addresses, phone numbers, names of such personnel), photographs of business and/or staff members/contractors, etc. (collectively "Business Information").
b. Consumer Information: In connection with the YAMW Services, YAMW may also collect certain information (including personally identifiable information) about the Consumers of the Businesses. For example, Businesses may input and/or upload certain information about their Consumers and the Consumers of the Business may input and/or upload such information about themselves (collectively "Consumer Information").
c. Aggregate Site Usage Information: YAMW also collects aggregate information from the users of the YAMW Services regarding the users systems and their usage of the YAMW Services (including but not limited to, information derived from the web browser?s of the users of the YAMW Services including information derived from "cookies" or similar technology, Internet Protocol addresses collected from server logs, traffic and volume statistical data, frequency of visits, type and time of transactions, statistical data, browser type, operating system, activity on site, links to external sites, clicks on advertisements, volume statistical information, etc.) (collectively "Aggregate Site Usage Information").
How and When We Use Information Collected
YAMW (and/or its business partners or contractors) may use any and/or all of the information collected or provided by Businesses and/or Consumers for the following general purposes: (a) to provide, maintain, administer, and update the YAMW Services; (b) to analyze and evaluate usage of the YAMW Services; (c) to support the users of the YAMW Services, including to correct any errors or failures of the YAMW Services; (d) to customize any marketing, advertising, and/or other content presented to users of the YAMW Services; (e) to fulfill requests for YAMW Services and/or products; (f) to improve YAMW Services; (g) to conduct research, and/or (h) to provide anonymous reporting and/or data for internal and external clients.
YAMW (and/or its business partners or contractors) also uses the information collected in the following more specific ways:
Registration Information may be used by YAMW (and/or its business partners or contractors) to authenticate the representatives of the Business, to contact and communicate with the Business and its representatives, to provide information regarding service updates, to provide service updates and/or other useful information to the Business and/or its representative.
Billing Information is used by YAMW (and/or its business partners or contractors) to charge for services and/or products purchased.
Business Information is deemed public information (including any personally identifiable information provided as contact information) and may be published on the internet, including to third party web sites in order to advertise or promote the Business products/services.
Aggregate Site Usage Information is used by YAMW (and/or its business partners or contractors) to diagnose technical problems, to administer the YAMW Services, for product development and testing, for backup/recovery purposes, to improve the quality and types of YAMW Services delivered, to analyze the usage and customize the content and/or advertising appropriately, and/or to market/validate services and products offered.
YAMW (and/or its business partners or contractors) may use "cookies" or similar technologies to identify user traffic patterns and user technology, to collect usage information and aggregate demographic information, to assist YAMW in delivering the YAMW Services, to improve YAMW?s offerings and/or services, to authenticate users, to identify users, to provide a more positive and/or personalized user experience and/or to facilitate access to user accounts, etc. YAMW (and/or its business partners or contractors) may use third party advertising companies to serve ads and these third parties may send cookies or similar technologies to your computer. Such technologies may be used to tailor the content of information delivered to you. Please understand that Blocking cookies and/or similar technologies may interfere with your use of some of the YAMW Services.
YAMW (and/or its business partners or contractors) may also use the Business and/or Consumer contact information to communicate with the Business and Consumers. For example, if you are the Consumer, YAMW (and/or its business partners or contractors) may send you emails containing information you requested from the relevant Business. If you are the Business, YAMW (and/or its business partners or contractors) may send you emails containing information you have requested from the Consumers. Generally, you may configure your personal account settings to set the frequency of emails or opt-out of certain promotional emails; See the section on Communications below.
How and When We Share Information Collected
Sharing Required to Provide Services: By using YAMW Services you agree that you are consenting to disclosure of your personally identifiable information but only to the extent disclosure is necessary to provide or facilitate providing the YAMW Services you are requesting. We will share the information we collected from you as necessary in accordance with any request by any government or law enforcement agency.
We may contract with third parties to perform certain tasks on our behalf. We might share certain information we collect with such third parties in order to perform those tasks; examples include sending email, analyzing information, and providing user services. Unless we otherwise inform you, YAMW's agents/contractors will not be granted any rights to use any personally identifiable information we share with them beyond what is necessary to perform such services.
YAMW Business Partners
In certain instances, YAMW Services are offered jointly with our business partners. For example, YAMW may partner with third parties to offer a private labeled hosted service or a co-branded service. You can easily recognize when a business partner of ours is associated with a particular service offering/opportunity/transaction, and we will share user information that is related to such service offering/opportunity/transaction with that affiliated business partner. All such information will be delivered to our business partner, subject to the partner?s agreement to comply with the terms of this Privacy and Security Policy.
Third Party Advertisers
Sale or Merger of the Business or Portions of the Business; Business Transfers
If at some point YAMW sells all or a portion of its assets, or merges with another entity, or if YAMW goes out of business or enters bankruptcy, the YAMW data (including user information collected) may be transferred or acquired by a third party in an asset sale or transfer. After such a transaction, the third party that becomes the custodian of the information/data purchased would have the right to continue using the information/data as set forth in this policy. You acknowledge that such transfers may occur, and that any acquirer may continue to use your information as set forth in this policy.
Compliance with Laws
Protection of YAMW and Others: YAMW may release information collected (including personally identifiable information) if it believes in good faith that the release/disclosure is necessary to comply with laws or regulations, subpoenas, or the requests of law enforcement or other government authorities or that disclosure is reasonably necessary to enforce/apply YAMW?s Terms of Service or other agreements, or that disclosure is required in order to protect the rights, property, or safety of YAMW, its employees, our users, or other third parties. This includes, without limitation, exchanging information with other companies and organizations for fraud protection.
Disclosures with Your Consent
Except as set forth herein, users will be notified when their personally identifiable information may be shared with third parties, and will be given the option to prevent the sharing of this information.
Relationship and Disclosures between the Consumers and Businesses:
To the extent you are the Consumer and you provide information to the Business via YAMW Services or otherwise (including but not limited to any personally identifiable information you provide to the Business), YAMW is not responsible for the Business? use or disclosure of such information. For example if you provide your email address or other personally identifiable information to a Business via the YAMW Services or otherwise, the Business may use that information and contact you with promotional or other information or disclose that information to others. You understand and agree that YAMW is in no way responsible for such use or disclosures of such information.
Similarly, to the extent you are the Business and provide information to the Customers via YAMW Services or otherwise (including personally identifiable information you make available to the Consumers via the YAMW Services or otherwise), YAMW is not responsible for the Consumer?s use or disclosure of such information.
All information exchanged between Business and Consumers via the YAMW Services or otherwise, is exchanged at your sole risk and YAMW is not responsible to control the actions of the Business or Consumers.
Third Party Sites
YAMW?s site is collaborative, and may contain links to multiple third party sites on the Internet, including many that have different privacy and security policies and practices. YAMA makes no representations or warranties about the policies and practices of sites that are linked to the YAMW sites or its users. We urge you to consult the policies available on those sites to further understand your rights and their practices.
YAMW has implemented processes designed to protect the information its collects and stores. Registered users are assigned a unique user name and password which are required to access their account. It is the user's responsibility to protect the security of their user name and password. YAMW has employed firewalls and other advanced security technologies which we believe to be appropriate in an effort to prevent unauthorized interference or access from outside intruders. However, YAMW cannot guarantee the security of its systems or any information stored or maintained on its systems as no security measures are perfect or impenetrable. Also, YAMW cannot control the actions of others. Unauthorized entry or use or disclosures, hardware or software failures, and other factors may compromise the security of the information YAMW collects and stores. YAMW is not responsible for circumvention of any privacy settings or security measures used in connection with YAMW Services.
Accessing, Correcting and Revising Registration and Contact Information
If you need to update or change your information, you may so by editing your user record/account information. To update your record/account information, log on to the service and select the available user account management pages.
If you choose to cancel your account, please be aware that we may retain residual/historical information in our data bases for audit, legal or other purposes.
Communications; Email Opt-Out
As part of our Services, you agree that YAMW may contact you and send you communications as the YAMW deems reasonably necessary. YAMW may also, from time-to-time, send you certain promotional emails/communications. To stop receiving promotional emails/communications you may opt out by contacting us at [email protected]
Compliance with Children's Online Privacy Protection Act
As a business service, YAMW does not target its offerings toward, and does not knowingly collect any personal information from users under 13 years of age.
Changes to the Privacy and Security Policy
We reserve the right to change this Privacy and Security Policy and will provide notification of any material change. Any changes shall be effective after you receive notice of the change prospectively. If you do not agree with the changes, you can terminate your account and/or stop using the YAMW Services and such change will therefore not apply to you.
You may contact us with any questions pertaining to this policy at [email protected]