Data Collection and Privacy
Our law firm focuses on matters related to internet, security, and privacy. The handling of personal data online is complex and necessitates the assistance of a qualified lawyer. Not only for the individual, who may transfer personal information as part of a transaction, but to the website owner who may not know his or her legal rights or responsibilities. Furthermore, given the value of consumer data as it is traded, collected and sold, there are safeguards not only to protect unwitting disclosures, but to protect the reasonable privacy of consumers.
One scenario is the recent idea that an Internet Service Provider (“ISP”) may sell certain information about you to advertisers. However, that kind of personal information is limited by 47 U.S.C. § 222 that prevents common carriers, like ISPs, from divulging identifying information, such as your name, social security number, phone number or address. What is not protected is information like application usage or the visited websites. Thus, an ISP could, under current law, be able to sell some "less protected" data like application or website usage without your consent. However, this varies by the ISP and their terms of service, as some programs that collect and sell data may require an individual opt out after being automatically enrolled. Others may automatically imply consent to the collection and sale of data due to the use of their services.
The FTC requires that anyone who maintains a commercial website follow its five core privacy protection principles:
- Websites must provide notice to consumers about how they use personal information;
- Websites must offer a choice as to how personal information is used;
- Websites must provide consumers access to the information that is compiled on them;
- Websites must ensure that the personal information is secure; and
- Websites must provide a mechanism by which users can enforce these principles.
Our internet security and privacy lawyers may assist an individual through drafting online privacy policies and guiding a website owner towards the various options, protection methods, standards of care and repercussions. Our legal team has an extensive background in matters related to internet, security, and privacy.
Furthermore, medical information is subject to protection under the Health Insurance Portability and Accountability Act ("HIPAA"). The HIPAA privacy rules provide federal protections for personal health information held by covered entities and give patients certain and cognizable rights with respect to that information. Also, the privacy rules are balanced in order to allow the disclosure of personal health information that is necessary for patient care and related purposes.
The State of California has passed other privacy measures such as the "Shine the Light" law which requires a website to inform its users of the third-parties it shares its users' personally identifiable information. This law is also referred to as Senate Bill 27 and is codified under California Civil Code section 1798.83.
The international community has also participated in the enactment of laws related to online privacy. For example, the European Union adopted a Data Protection Directive in 1995 which requires websites which gather personal information to obtain consent from their customers. Also, on January 25, 2012, the European Commission proposed a comprehensive reform of the European Union's 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy. Please click here to read more about the European Commission's recent activities.
Our law firm focuses on internet, security, and privacy-related issues at the state, federal, and international levels. Due to the ever-increasing complexity between online privacy measures, and the increased globalization resulting from the internet, an internet security and privacy attorney is a necessity. In order to speak with an attorney, you may contact us for an initial consultation.