In the United States, there is no single comprehensive federal law regulating the collection and use of personal data. The U.S. has a patchwork system of federal and state laws and regulations that sometimes overlap and sometimes even contradict each other. In addition, there are also many guidelines or “best practices” created by various agencies and industry groups that are not enforced, but are considered self-regulatory frameworks.
Some of the most prominent federal privacy laws include:
- The Federal Trade Commission Act. This is a federal consumer protection law that prohibits unfair and deceptive practices and has been applied to offline and online privacy and data security policies. The FTC is also the primary enforcer of COPPA – the Children’s Online Privacy Protection Act – which applies to the online collection of information from children.
- The Financial Services Modernization Act. This regulates the collection, use and disclosure of financial information. It applies broadly to financial institutions and to other businesses that provide financial services and products.
- The Health Insurance Portability and Accountability Act. HIPAA regulates medical information. It applies broadly to health care providers, data processors, pharmacies and other entities that come into contact with medical information.
- The Fair Credit Reporting Act. This applies to consumer reporting agencies – lenders and credit card companies.
- The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act). The CAN-SPAM Act regulates the use of e-mail addresses. A separate act also regulates the use of phone numbers.
- The Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. These two laws govern the interception of electronic communications and unauthorized access to computer systems.
If you collect, store, or share personal data such as email addresses, names, or payment information, you need to explain what you plan to do with your visitors’ and/or customers’ personal data.
There are many laws at the state level that regulate the collection and use of personal data. Most states have enacted some form of privacy legislation. California leads the way in the privacy arena, with multiple privacy laws, some of which have national reach.
Provide Peace of Mind
Privacy policies should provide peace of mind because they explain clearly what you plan to do with your visitors’ and customers’ personally identifiable information.
Fulfill Third-Party Requirements
The European Union’s General Data Protection Regulation (GDPR)
The European Union’s GDPR, in full effect since May 25, 2018, safeguards the personal data of individuals in the EU. What is notable about this regulation is that, even though it is EU-based, it applies broadly to any online entity that has, or may in the future have, a visitor from the European Union.