Privacy – Structure of US Data Privacy Laws and Regulations

Structure of U.S. Data Privacy Laws and Regulations

Privacy law in the US is a patchwork of ad hoc legislation on both the federal and state levels targeting certain industries (e.g. financial institutions); types of data (e.g. medical records, data in electronic format); certain groups (e.g. children, movie renters); and certain entities (e.g. publicly traded companies, communication service providers).   The bottom line is there is no general privacy law – rather the laws tend to be subject matter specific.  In addition, there can be subject matter legislation on the Federal and State level – with each state having its own set of laws.  So what are you looking out for?  Well let’s get down to the practical – first and foremost, you will need to identify what existing Federal and State statues may apply to your business.  To do that you will need to understand where and how you collect and use PII.  Once you’ve determined that a statute applies to your business, you’ll need to find any guidelines or administrative regulations that have been issued under such rules.  Finally, you’ll need to pay attention to the guidance offered by the enforcement efforts of various administrative agencies (e.g. Federal Trade Commission and state consumer protection authorities). Done? Well not quite.  Privacy concerns should fall into two main buckets:  how you use PII and how you protect PII.  Questions you are going to need to address are:  Do I need to have a privacy policy?  If yes, how will you define your use of PII?  How will you protect the PII?  What are your responsibilities if  PII is breached?   Remember, the only thing worse than not having a privacy policy when one is required is having a privacy policy your company does not comply with.  You know a picture is worth a thousand words so here is a summary.

Next installment, Privacy – Structure of Foreign Data Privacy Laws and Regulations, and remember, ALWAYS CONSULT AN ATTORNEY FIRST.

About ebizlawyer

Laurence Associates has extensive experience in outsourcing, internet law, software, computer systems, data protection, information security, privacy and corporate services both from the customer and vendor perspective. Elaine Laurence, the founding Principal of Laurence Associates, has unique expertise in understanding and handling transactional issues facing financial services institutions and small businesses. For more information visit my website at:
This entry was posted in Small Business Advice, Start-up and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s