Data protection is a big deal. In fact, failure to keep peoples’ information safe can cost you big time. Just ask the folks over at Equifax—who were ordered to pay up to $425 million to assist the 147 million people who were affected by their 2017 data breach.
While your business probably isn’t working on this large of a scale, it’s still critical to stay up to date on data protection laws and ensure you’re following them. Otherwise, you could find yourself on the wrong end of a pretty serious lawsuit.
Here are some of the most important things you need to know about privacy and data protection rules in the United States.
FTC Regulations
First, it’s important to note that the United States doesn’t have one single federal privacy law similar to the EU’s GDPR. Instead, business owners in the United States have to deal with a patchwork of various laws that may or may not apply to them.
The broadest privacy rules are set forth by the Federal Trade Commission (FTC) under its authority to prevent “deceptive” or unfair trade practices. It doesn’t explicitly provide guidance for privacy policies but it does take actions and issue regulations to protect consumers.
Some things that could get you in trouble with the FCC include:
- Failing to follow a published privacy policy
- Failing to implement and maintain reasonable procedures to protect customer’s and employee’s privacy
- Engaging in misleading advertising practices
- Failing to provide sufficient security for people’s personal data
- Misrepresenting or lying about your privacy measures
- Transferring personal information in a manner not disclosed on the privacy policy
This is not an exhaustive list. However, the takeaway here is that you should have an honest and straightforward policy in place and make sure you’re doing what it says.
Sector-Specific Laws
There are federal laws in place that govern online information for specific sectors. Some examples include the Children’s Online Privacy Protection Act (COPPA), which regulates the collection of information about minors, and the Health Insurance Portability and Accounting Act (HIPPA), which governs the way health information is collected and managed. The Gramm Leach Bliley Act regulates the collection of personal information by banks and financial institutions, and the Fair Credit Reporting Act regulates how credit information can be collected and used.
Businesses in these sectors must take extra precautions to ensure their data is secure, whether they’re dealing with paper records or storing it in the cloud. Violations of sector-specific privacy rules can have serious consequences.
State Data Protection Laws
In addition to Federal regulations, there are also currently 25 U.S. states that oversee data privacy laws. Two of the biggest are the California Consumer Privacy Act (CCPA) and the New York SHIELD Act.
If you live in a state that has set forth its own rules, you’re required to follow them in addition to the rules discussed above.
Protect Your Data Properly
Once you understand the most important data protection laws, you also need to make sure you adhere to them. Working with a professional IT company is one of the best ways to ensure you’re equipped to protect your customers’ data.
Inception Network Strategies is here to help! Contact us today to learn more.