The U.S. government has come under fire lately for having outdated and obsolete privacy regulations and laws that...
haven't kept up with the Internet as well as mobile and cloud technologies. For organizations that are concerned about Internet privacy and are looking to craft solid customer privacy policies, are there other resources -- such as industry consortiums or NGOs -- that could offer standards and best practices?
Privacy regulations in the United States have long come under fire by privacy advocates. Unlike European Union countries, the U.S. does not have an overarching privacy regulation that comprehensively protects personally identifiable information. Instead, the U.S. takes the approach of regulating specific industries and categories of information with a patchwork of overlapping privacy regulations. For example, HIPAA governs healthcare information, but only when it is used by healthcare providers, health insurers, health information clearinghouses or the business associates of any of those entities. Similarly, the Gramm-Leach-Bliley Act protects financial information, but only when it is in the hands of a financial institution.
There's no single resource for recommended privacy regulations to follow, but organizations seeking to bolster their privacy practices may wish to look to the Federal Trade Commission's Fair Information Practices as guidelines for protecting the privacy of personal information. The four recommended practices are:
- Notice: Organizations should provide individuals with clear information about their information practices.
- Choice: Organizations should provide individuals with the ability to provide and withdraw consent for the use of their information.
- Access: Individuals should have reasonable access to the personal information that organizations collect about them.
- Security: Organizations should take reasonable steps to safeguard personal information in their custody.
These four practices provide a strong foundation for the privacy regulations of organizations collecting information from and about individuals.
Ask the Expert:
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today. (All questions are anonymous.)
Learn how to balance mobile device privacy and security
Find out the best way to protect sensitive information while traveling
Discover how ISO/IEC 27018 affects PII privacy
Dig Deeper on Data security strategies and governance
Related Q&A from Mike Chapple
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ...continue reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ...continue reading
HIPAA regulations incorporate NIST guidelines and standards, so do healthcare organizations need to be compliant with both? Expert Mike Chapple ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.