What privacy regulations should enterprises follow?

The U.S. government has been criticized for its lack of updated privacy regulations. Expert Mike Chapple advises enterprises that want to bolster their privacy policies.

The U.S. government has come under fire lately for having outdated and obsolete privacy regulations and laws that haven't kept up with the Internet as well as mobile and cloud technologies. For organizations that are concerned about Internet privacy and are looking to craft solid customer privacy policies, are there other resources -- such as industry consortiums or NGOs -- that could offer standards and best practices?

Privacy regulations in the United States have long come under fire by privacy advocates. Unlike European Union countries, the U.S. does not have an overarching privacy regulation that comprehensively protects personally identifiable information. Instead, the U.S. takes the approach of regulating specific industries and categories of information with a patchwork of overlapping privacy regulations. For example, HIPAA governs healthcare information, but only when it is used by healthcare providers, health insurers, health information clearinghouses or the business associates of any of those entities. Similarly, the Gramm-Leach-Bliley Act protects financial information, but only when it is in the hands of a financial institution.

There is no single authoritative set of privacy standards that an organization can simply adopt, but organizations seeking to bolster their privacy practices may wish to look to the Federal Trade Commission's Fair Information Practices as guidelines for protecting the privacy of personal information. The four recommended practices are:

  • Notice: Organizations should provide individuals with clear information about their information practices.
  • Choice: Organizations should provide individuals with the ability to provide and withdraw consent for the use of their information.
  • Access: Individuals should have reasonable access to the personal information that organizations collect about them.
  • Security: Organizations should take reasonable steps to safeguard personal information in their custody.

These four practices provide a strong foundation for the privacy policies of organizations collecting information from and about individuals. They are guidelines, not law: they do not replace the sector-specific regulations described above, so an organization still needs to determine which of those laws apply to the categories of data it holds and build its policy on top of that baseline.

This was last published in February 2016