Further Reading: Sector-Specific Governance: Finance, Health, Education
The sources below provide deeper engagement with the themes introduced in Chapter 24, organized by sector and cross-cutting themes.
Financial Data Governance
Zachariadis, Markos, and Pinar Ozcan. "The API Economy and Digital Transformation in Financial Services: The Case of Open Banking." SWIFT Institute Working Paper No. 2016-001, 2017. A comprehensive analysis of how open banking APIs are transforming financial services, examining the technical architecture, business models, and governance challenges. Directly relevant to the case study on open banking and data portability.
Armour, John, et al. "Principles of Financial Regulation." Oxford: Oxford University Press, 2016. The leading textbook on financial regulation theory. Chapters on market conduct, consumer protection, and systemic risk provide the regulatory theory behind the financial governance frameworks discussed in this chapter. Essential for understanding why financial data is regulated differently from other types.
Financial Stability Board. "Artificial Intelligence and Machine Learning in Financial Services." Basel, 2017. An early and influential report on the use of AI in finance, examining applications in credit scoring, algorithmic trading, fraud detection, and regulatory compliance. The report identifies governance challenges — model risk, explainability, bias — that have become central to financial data governance discussions.
PCI Security Standards Council. "PCI DSS Quick Reference Guide." Version 4.0, 2022. The most accessible introduction to PCI DSS requirements, covering all twelve requirement categories with practical implementation guidance. Essential for understanding how industry-developed standards function as de facto regulation in the payment card ecosystem.
Health Data Governance
McGraw, Deven, and Kenneth D. Mandl. "Privacy Protections to Encourage Use of Health-Relevant Digital Data in a Learning Health System." npj Digital Medicine 4, no. 2 (2021). An analysis of the tension between privacy protection and data utility in health systems. The authors propose governance frameworks that enable research and clinical improvement while maintaining individual privacy — directly relevant to the HIPAA limitations discussed in this chapter.
US Department of Health and Human Services. "Summary of the HIPAA Privacy Rule." Washington, DC. The official HHS summary of the HIPAA Privacy Rule, providing accessible descriptions of key provisions, patient rights, and covered entity obligations. Essential reference for the chapter's HIPAA analysis.
European Commission. "Proposal for a Regulation on the European Health Data Space." COM(2022) 197. Brussels, May 2022. The full text of the EHDS proposal, which would create a framework for primary and secondary use of health data across the EU. The proposal represents the most ambitious attempt to balance health data sharing for public benefit with individual privacy protection. Directly relevant to Section 24.3's discussion of the EHDS.
Price, W. Nicholson, and I. Glenn Cohen. "Privacy in the Age of Medical Big Data." Nature Medicine 25 (2019): 37–43. A concise analysis of how big data analytics — including machine learning, genomic analysis, and wearable device data — challenge existing health privacy frameworks. The authors identify gaps in HIPAA's coverage and propose governance reforms.
Education Data Governance
Regan, Priscilla M., and Jolene Jesse. "Ethical Challenges of Edtech, Big Data, and Personalized Learning: Twenty-First Century Student Sorting and Tracking." Ethics and Information Technology 21 (2019): 167–179. A critical examination of how ed-tech data practices create new forms of student sorting and tracking — with implications for equity, opportunity, and democratic values. The authors connect ed-tech governance to broader concerns about algorithmic decision-making and social stratification.
Human Rights Watch. "'How Dare They Peep into My Private Life?': Children's Rights Violations by Governments That Endorsed Online Learning During the Covid-19 Pandemic." May 2022. The landmark investigation that revealed the scope of ed-tech surveillance during the pandemic. The report analyzed 163 ed-tech products across 49 countries and found that the vast majority engaged in practices that risked or undermined children's privacy. Essential reading for the pandemic case study.
US Department of Education. "Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices." Washington, DC, 2014. Official guidance on the application of FERPA and COPPA to online educational services. While pre-dating the pandemic, this document establishes the baseline expectations for ed-tech data governance and identifies the "school official exception" provisions that ed-tech companies rely upon.
Future of Privacy Forum. "Student Privacy Compass." Available at https://studentprivacycompass.org. A comprehensive resource for student privacy law, policy, and practice. Includes state-by-state legislative trackers, model policies, and analysis of emerging issues in educational data governance. Particularly useful for the exercises requiring research into state-level student privacy legislation.
Cross-Sector Perspectives
Nissenbaum, Helen. Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford: Stanford University Press, 2010. Nissenbaum's theory of "contextual integrity" — the argument that privacy norms should match the informational norms of the context in which data is generated — provides the theoretical foundation for sector-specific governance. Her framework explains why health data, financial data, and education data each have distinctive privacy expectations that general-purpose law may not capture.
Solove, Daniel J. "A Taxonomy of Privacy." University of Pennsylvania Law Review 154, no. 3 (2006): 477–564. Solove's privacy taxonomy — information collection, information processing, information dissemination, and invasion — provides a framework for analyzing privacy harms across sectors. Each sector-specific framework addresses a different mix of these harms, and Solove's taxonomy helps explain why.
Cohen, Julie E. "What Privacy Is For." Harvard Law Review 126, no. 7 (2013): 1904–1933. Cohen argues that privacy is not just an individual right but a social necessity — essential for innovation, democratic participation, and the development of selfhood. Her analysis provides theoretical grounding for why sector-specific governance matters: it protects not just individual data but the social conditions necessary for health, learning, and economic participation.
Véliz, Carissa. Privacy Is Power: Why and How You Should Take Back Control of Your Data. London: Bantam Press, 2020. An accessible philosophical argument for robust data governance across all sectors. Véliz's analysis of how data collection enables manipulation, discrimination, and power concentration is applicable to every sector examined in this chapter.
These readings extend the chapter's coverage from regulatory requirements to the theoretical and practical foundations of sector-specific governance. As the textbook moves into Part 5 (Corporate Responsibility), the governance principles developed here — fiduciary duty, confidentiality, minimum necessary access, informed consent — will be translated into organizational practice.