Businesses collect various information from their customers in order to provide better and more efficient and tailored services. To prevent these data from being exposed and stolen, different authorities have developed regulations for the express purpose of safeguarding consumer data privacy. In this blog, we’ll discuss the data regulations that businesses in the United States must know about.
At present, there is no comprehensive federal data privacy law in the US, although there are standards and regulatory bodies that govern particular industries and types of information. One such authority is the Federal Trade Commission (FTC), which is empowered to protect consumers through the FTC Act. Although the FTC doesn’t regulate privacy policies, it does take action against organizations that fail to safeguard consumer information or to comply with their respective industries’ data regulations.
Another relevant authority is the Federal Communications Commission (FCC), which regulates all interstate and international communications over radio, cable, satellite, television, and wire. In January 2022, the FCC proposed new notification requirements for internet service providers (ISPs) that suffered a data breach. Under the new rules, ISPs no longer have to wait seven days before informing customers of the breach. They are also required to report the incident to the FCC, in addition to the FBI and Secret Service.
The following are some of the other federal laws that govern the collection, usage, and protection of specific types of customer data:
- The Health Insurance Portability and Accountability Act (HIPAA) applies to protected health information (PHI).
- The Children's Online Privacy Protection Act applies to all information on minors.
- The Gramm-Leach-Bliley Act applies to information gathered by banks and financial institutions.
- The Fair Credit Reporting Act applies to credit information.
State-level data privacy laws
Several states have enacted data privacy laws that cover businesses and individuals within their respective jurisdictions. Among the first to create such laws were the states of California, Colorado, and Virginia.
The state of Texas has the Texas Medical Records Privacy Act (TMRPA), although this is not as broad as those developed in the aforementioned states. Like HIPAA, the TMRPA is concerned with protecting the security and integrity of PHI. It covers all organizations that handle and store the PHI of individuals from Texas, even those companies that may not be covered under HIPAA.
Many of the TMRPA’s components are similar to HIPAA’s. For instance, individuals have the right to access and obtain a copy of their PHI, as well as set limits on how the information is used. The TMRPA does not offer specific guidelines for notifying customers of breaches; rather, these guidelines are contained in Texas’s breach notification rules.
Data privacy laws abroad
Some countries have data privacy laws that American companies must observe if these businesses handle the data of people from those territories. A good example of these is Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD).
The LGPD assures Brazilian citizens of the right to access their data and be informed about how their information was used and to whom it has been shared. They can also revoke consent to processing their personal information and have it erased. Noncompliance with the LGPD can result in hefty fines amounting to several million dollars.
If you do business in any country in the European Union (EU), then you must be familiar with the General Data Protection Regulation (GDPR). Touted as the toughest data privacy law in the world, the GDPR ensures that EU citizens have control over how their personal data is used. The law is also being continuously updated to accommodate new technologies, developments, platforms, and potential risks.
Being aware of and following data privacy laws is crucial to your business’s survival and success. At Safebit, our IT experts can help you stay compliant with these rules by augmenting your company’s cybersecurity posture. Call our specialists today to get started.