Data Collection and Privacy
The FTC requires that anyone who maintains a commercial website follow its five core privacy protection principles: First, the website must provide notice to consumers about how the website uses personal information. Second, the website must offer a choice as to how such information is used. Third, the website must provide consumers access to the information that is compiled on them. Fourth, the website must ensure that the information is secure. Fifth, the website must provide a mechanism by which users can enforce these principles.
Generally, medical information is subject to protection from disclosure under the Health Insurance Portability and Accountability Act (“HIPAA”). The HIPAA privacy rule provides federal protections for personal health information held by covered entities and gives patients certain and cognizable rights with respect to that information. Also, the privacy rule is balanced in order to allow the disclosure of personal health information that is necessary for patient care and other related purposes.
The Gramm-Leach-Bliley Act (“GLBA”) requires financial institutions (i.e., companies which provide consumers with financial products or services such as loans, financial or investment advice, or insurance) to explain their information-sharing practices and to safeguard sensitive data. Stated otherwise, GLBA regulates the privacy practices of financial institutions and requires them to permit their consumers to opt out of the disclosure of personal information.
The international community has also participated in the enactment of laws related to online privacy. For example, the European Union adopted a Data Protection Directive in 1995 which requires websites which gather personal information to attain clear consent from their customers. Also, on January 25, 2012, the European Commission proposed a comprehensive reform of the European Union’s 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy. Click here to read more about the European Commission’s recent activities.