BKBUPRLH.RVW 20081123

"The Business Privacy Law Handbook", Charles H. Kennedy, 2008, 978-1-59693-176-3, U$109.00
%A Charles H. Kennedy ckennedy@mofo.com
%C 685 Canton St., Norwood, MA 02062
%D 2008
%G 978-1-59693-176-3 1-59693-176-0
%I Artech House/Horizon
%O U$109.00 617-769-9750 800-225-9977 artech@artech-house.com
%O http://www.amazon.com/exec/obidos/ASIN/1596931760/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/1596931760/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1596931760/robsladesin03-20
%O Audience a- Tech 2 Writing 2 (see revfaq.htm for explanation)
%P 312 p.
%T "The Business Privacy Law Handbook"

The preface states that this is a survey of business privacy law in the United States, and the changes that field is undergoing, intended for business managers and those advising them. The introduction is rather interesting: on the one hand, it lays out a five-step process to guide the task of ensuring compliance with privacy regulations, and on the other, it points out how complex this undertaking is, in the labyrinthine legal environment of the US.

Part one addresses issues of information relating to consumers and customers. Chapter one deals with information collected on the Internet and through Websites. As the US has no general national standards in this regard, most of the discussion deals with the design of corporate privacy policies for Websites. There is also an examination of the Children's Online Privacy Protection Act (COPPA). Various US and state laws with implications for general information security and protection are noted in chapter two, which also has a brief section on information risk identification. Legislation relating to companies in the financial industry is reviewed in chapter three. Chapter four notes the provisions of the Electronic Communications Privacy Act, the Stored Communications Act, and special provisions for communications carriers. The implications of HIPAA (the Health Insurance Portability and Accountability Act) for the health industry are outlined in chapter five, which also notes some related state laws. Although ostensibly about the European Union privacy directives, the rather terse material in chapter six is more about the Safe Harbor framework of the US Department of Commerce.

Part two looks at job applicants and employees. Chapter seven is a brief review of the hiring process, and it is interesting to note that the common opposition (by employers) to providing detailed references has little objective basis. The examination of internal investigations, as discussed in chapter eight, is limited, and repeats content from chapter seven. Chapter nine's deliberation on surveillance is primarily concerned with tapping of phone and email conversations.

Part three turns to communications with customers and consumers, with three successive chapters on marketing types of intercourse: telemarketing (in chapter ten), fax advertising (eleven), and spam (twelve). Chapter thirteen, on the monitoring of customer communications, is a mere three paragraphs in total length, and is a reiteration of some of the content of chapter nine.

Appendices list state privacy and data security laws.

It is unfortunate that the title does not make clear the US-centric nature of the material, but it is reasonable for a legal text to concentrate on one jurisdiction. Despite occasional shortcomings in specific areas, this text does provide a detailed, up-to-date and quite comprehensive overview of the convoluted mess of American privacy law.

copyright Robert M. Slade, 2008 BKBUPRLH.RVW 20081123