Lock icon superimposed over circuitry, representing data privacy.

Data Privacy: What’s the Big Deal? – Tech Tip for February 4, 2020

Data privacy is on everyone’s mind and for good reason. With the simultaneous rise of security breaches and social media, many consumers today are worried that their personal data is going to fall into the wrong hands. That’s why many countries are creating new privacy laws that have major implications for all businesses.

To help you understand what these rules are, how to ensure compliance, and what you can do to protect your own privacy, we are making data privacy the theme of the month. And this week, we want to define some key concepts like what data privacy means and what type of “data” we are referring to. We also are going to define major legislation that is emerging to accommodate the rise in data protection needs.

What is data privacy?

At its most basic level, data privacy (also known as information privacy) governs how an organization or individual collects, shares, and uses data. But what data are we talking about? 

Data is intangible and we often don’t actively hand it over. When we talk about “data privacy” we’re really referring to personal information that a company collects each time we go to their website, use their application, etc. And we label it ‘personal’ because it could potentially be used to identify you as an individual. This is different than public information, which is essentially any general information that has been publicly disclosed and isn’t specific to any one individual.

What are data protection laws? 

Today, data privacy is regulated by national laws and industry requirements. For example, the European Union has the General Data Protection Regulation (GDPR), in force since May 25, 2018. This legislation lays out a range of rules that protect an individual’s right to know what data companies are collecting and storing on them. It also gives them the right to determine how a company can use it. The United States, however, does not have a comprehensive information privacy law. Rather, the country has rules for different states and industries.

Data Protection Laws in the United States

At this time, there is no single regulatory authority dedicated to overseeing data protection law in the United States. Rather, at the federal level, different privacy requirements apply to different industry sectors and data processing activities. And there are also individual state laws that address specific data uses.

For example, the state of California has the California Consumer Privacy Act, or CCPA, that went into effect on January 1, 2020. This law requires a notice when an organization collects personal information from individuals in the online and mobile context.

Other federal laws that require a privacy notice are The Children’s Online Privacy Protection Rule (COPPA),Fair Credit Reporting Act, and the Fair and Accurate Credit Transactions Act. These impose several requirements on consumer reporting agencies to provide notices including the context of written disclosures.

 Other important legislation to know:

  1. Gramm-Leach-Bliley Act (GLBA) requires financial institutions to provide privacy notices and explain to customers how they share and protect their private information. 
  2. In healthcare, there is also the Health Insurance Portability and Accountability Act (HIPAA) which sets forth specific steps that cover entities and their service providers to ensure the confidentiality, integrity, and availability of electronic health records.

Do you want to better acquaint yourself with the changing privacy laws in the US? Check out this complete list of state-based privacy legislation.