Privacy Policies in the Digital World

Depending on where you work or do business, there could be many privacy laws you should be aware of. This article discusses important privacy laws in the United States, and the European Union's General Data Protection Regulation (GDPR). Note the different aspects that the US Privacy Act of 1974, the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the Children’s Online Privacy Act (COPPA) of 2000, the California Consumer Privacy Act (CCPA), and the GDPR protect. How would you compare the GDPR to the CCPA?

2. Privacy Policy Overview

Privacy policies are legally binding statements that specify how personal data is collected, processed, and stored. As computing power increases and technology becomes an everyday tool, the amount of personal data being collected from individuals is exponentially increasing. Personal data can be anything that can be utilized to identify an individual including, but not limited to, an individual’s name, contact information, address, etc. With the idea of big data increasingly becoming a reality, it is imperative to ensure that proper privacy policies are in place. Privacy policies ensure the security of the collected data and guarantee the use of data follows only the guidelines shared with the individuals whose data is being collected.

For privacy policies to be effective they should be clear and highly visible. Privacy on the internet is a concern because there is a lot of valuable information being sent and received online. Privacy Policy agreements are mandatory in the United States if any personal data is to be collected. To enforce the need for privacy policies and the proper collection and use of personal data, the Federal Trade Commission (FTC) has enforced state and federal level laws outlining the do’s and don’ts surrounding data collection, data processing, data storage, and data usage. The FTC has outlined five principles to promote fair data collection practices. These principles are commonly referred to as the Fair Information Practice Principles (FIPP), which are: notice/awareness, choice/consent, access/participation, integrity/security, and enforcement/redress.

The first principle, notice/awareness, requires industries to provide consumers/users with a notice before they can proceed to collect any personal information. Choice/consent gives consumers options for how their information is used. Access/participation allows consumers to view the data being collected on them and provides them with the opportunity to edit any of the collected data. Integrity/security requires the data collected to be stored in a safe and secure manner. Lastly, enforcement/redress requires that the above four principles are constantly reinforced throughout the entire data collection, processing, usage, and storage process.