About 60% of Americans now believe it’s impossible to go through daily life without getting their data collected. If you have your own business, it may help you to pay close attention to what your business is actually doing with any data it has.
Are you someone who is trying to implement data best practices in your business? If you’re a small business owner, it’s crucial to understand what type of data safety (and data security) measures are in place.
In addition to this, you have to make sure that you’re following the law. A cybersecurity audit from professionals can help with this. But it’s also important to understand your own role in the matter as the owner of the business.
Keep reading to learn about some of the data privacy laws that impact US (and EU) consumers that you need to understand.
US Privacy Act of 1974
This was right around the time when databases were starting to move onto computers. Congress was worried about this data being misused when held by the government.
As a result, it passed the landmark US Privacy Act of 1974. The act sets out restrictions on how the US government (and its agencies) may handle the data they hold, and rights for the people that data describes.
The main things to know about this act include:
- US citizens can access and copy certain data held by government agencies
- US citizens can correct information as needed
- Agencies must follow data minimization principles when collecting data
- People can access most data on a “need to know” basis only
- Agencies cannot share information with any other agencies (unless certain conditions apply)
These provisions laid the groundwork for many future privacy laws in the US, so it’s important to understand that this is where it all started!
HIPAA, COPPA, and GLBA
HIPAA was passed in 1996 as a way to help regulate health insurance and the healthcare industry. It is a complex law that includes security and data privacy sections.
In addition to many other things, HIPAA requires health organizations to evaluate their data practices. They also must put safeguards in place to limit inappropriate access to patient health information.
COPPA, which stands for the Children’s Online Privacy Protection Act, is meant to help regulate data collection from minors.
Online companies can’t ask for personal information from anyone under 12 years old without parental consent. There were updates to this law about ten years ago to expand its reach.
The Gramm-Leach-Bliley Act (GLBA) dates from the 1990s, and it relates to banking and finance. This sweeping act contains many data privacy and security requirements specific to consumer financial data.
This law is meant to protect nonpublic personal information, which is part of the reason that banks have to mail out data privacy notifications or changes in their privacy agreements.
General Internet Privacy: Where’s the Law?
Outside of the specific industry-related laws described above, there is no federal law regulating how tech or social media companies handle consumer data. Certain US states, such as California, Virginia, and Colorado, are now enacting state-specific laws, but those laws still don’t cover the rest of the US population.
You may know that the US government has nonetheless been able to fine some of the tech giants, such as PayPal or Facebook. How is this possible without federal data laws? Under the FTC Act of 1914, companies are not allowed to engage in “unfair or deceptive acts or practices.”
The FTC has used this authority to take on false advertising by American brands, and its role in these cases is similar.
It looked at the misleading information that tech and social media companies gave users about the data they collected, what they said they’d do with it, and whether users could restrict access to it. For instance, Facebook told users that it wouldn’t sell their data and that users could restrict access to it, but it did not keep those promises. The FTC has been in battle with Facebook for years over this, as well as over its anticompetitive conduct.
US Privacy vs. EU Privacy
While the US doesn’t yet have a federal consumer data privacy law, the EU does with the General Data Protection Regulation (GDPR).
The law applies only slightly differently to different types of businesses, because what matters is what type of data is collected and what is done with it.
The GDPR policy for small businesses, as an example, helps businesses stay on top of how they communicate, obtain consent, and market to their consumers (among other things). This is helpful to keep products and services transparent to consumers, but it also allows consumers to have more say over what happens with their data.
Remember, it’s all about security and privacy.
What About the UK?
After Brexit, the UK had to come up with its own data protection law. The UK Data Protection Act of 2018 is essentially the post-Brexit version of the GDPR: it integrates the GDPR into UK national law.
Some of the policies in the UK GDPR are adapted to local business practice, but many of the policies remain the same.
Know These Data Privacy Laws to Keep Customers Safe
As you can see, consumer data privacy laws vary across the globe. But the US still doesn’t have a federal law that covers every citizen.
Whatever type of business you’re in, it’s important to pay attention to how you use data. That way you stay within the confines of existing law, and you also avoid taking advantage of your consumers’ data.
If you found this article useful, be sure to take a look at the rest of our website for more just like it!