U.S. Approach
Since the U.S. does not have an omnibus, overarching privacy law like the DP Directive, its officials like to claim that it has a simple privacy framework. But in reality, the U.S. has the most complex privacy laws in the world.
The U.S. uses a sectoral approach to privacy, protecting certain kinds of industry data, such as financial, medical and health information, through self-regulation and regulatory enforcement actions. The U.S. also protects various types of information under both federal and state laws, such as school records, insurance documents, driver's license and cable television records, credit information, employment data, Social Security numbers, mailing lists and telephone records.
The only omnibus protections for personal data are those granted through the Privacy Act of 1974, which only applies to personal information collected by the U.S. government. In addition, because the U.S. is a "common law" jurisdiction, it has another layer of privacy law that has been created through court decisions and administrative orders.
Since the privacy uproar two years ago over ChoicePoint's sale of consumer PII to a criminal organization, state action has been propelling privacy in the U.S., particularly in the area of security breach notification laws. At that time, California was the only state to require notification when unencrypted PII was subject to a breach. By last October, 33 more states had passed some form of breach notification law.
Consistency, however, is not a hallmark of these laws. Some have strong consumer protections, requiring prompt notification, whereas others are "risk-based" with some analysis of risk of harm determining whether notification is required. In addition, some laws apply to private sector entities or state agencies, but not both, and others may exempt certain entities, such as financial institutions.