5 Things to Know About Data Privacy

If you search for someone’s name online, a lot of information about them might appear. These are often things that they have put online themselves. For example, you might see social media profiles or blogs they maintain. There are also pieces of personal information that are public records, like someone’s address. 

Then, there are things that should be legally protected. Every country has enacted some type of data privacy law. 

These laws regulate the collection of information, how you’re informed about the collection of your information, and the level of control you maintain over the information. If a company or entity doesn’t follow data privacy laws, it can lead to fines, civil lawsuits, or the blocking of the site’s use. 

The following are some of the important things to know about data privacy. 

1. Federal Laws Govern The Collection of Online Information

There are some key federal laws in place that regulate how your information can be collected and shared online. 

One is the Fair Credit Reporting Act (FCRA). This regulates how your credit information is collected and used. [One method to protect your data privacy is by faxing personal documents. Fax machines encrypt the sent data, making it impossible for others to read and intercept it.] It can be relevant to financial institutions and also employers. If someone applies for a job and the employer wants to learn more about their background beyond just searching their name online, they have to follow the FCRA guidelines, for example. 

Other federal laws relating to the collection of information online are:

• The Children’s Online Privacy Protection Act (COPPA): Governs the collection of information about minors. 
• The Health Insurance Portability and Account Act (HIPAA): Covers how health information is collected and shared. 
• The Gramm Leach Bliley Act (GLBA): The law covers the collection of personal information by banks and financial institutions. 

2. The American Data Privacy Act (ADPPA) Is Being Proposed

There has been many proposals over the years for a more in-depth federal law governing data privacy in the United States, but none has made it as far as the proposed American Data Privacy Protection Act (ADPPA). 

Until it passes, there’s a patchwork of laws and regulations for different sectors. 

The Federal Trade Commission (FTC) is one of the key enforcement agencies, and it does have the authority to issue regulations and enforce privacy laws. The FTC can take action against organizations that don’t implement and maintain measures for reasonable data security or don’t follow a published privacy policy. The FTC might also take action against an organization that transfers personal information in a way that isn’t disclosed in the privacy policy. 

3. There Are Some State Laws

Many states have enacted their own data security and privacy laws. U.S. state attorneys general will often oversee these laws, which can govern the storage, collection, and use of personal data. 

There is a big push toward more privacy legislation at the state level in many places. 

California has been leading the way here. The California Consumer Privacy Act (CCPA) went into effect in 2020. It’s cross-sector legislation with broad individual rights for consumers. There are duties imposed on people and entities collecting personal information from or about California residents. 

The duties mean that data subjects have to be alerted when their data is collected and told how. They must have the ability to access their information and delete or correct it. The website collecting the data has to clearly disclose this in a privacy policy. 

There’s also the California Privacy Rights Act (CPRA), which gives consumers the right to limit the use and disclosure of sensitive personal information, among other things. 

4. Data Privacy and Security Aren’t the Same

While they’re sometimes used interchangeably, there’s a difference between data privacy and security. 

Data privacy is what’s focused more on the rights of individuals. This encompasses how your data is collected and why, and it includes your preferences for privacy. Data privacy can include how individual data is processed, shared, archived, and deleted. 

By contrast, data security is a set of standards and protections organizations take to prevent third parties from gaining unauthorized access to digital data. The focus of data security is protecting from malicious attacks that can allow for stolen data to be used. 

5. Why Data Privacy is Important

Finally, data privacy is important on an individual level because it gives you control over your data. You’re empowered to know how your data is being used, who’s using it, and why. When an organization is collecting your personal data, they need to have a clear response to questions you have about its use, and they need to be compliant.