Privacy Laws for Online Businesses
Online businesses bear the responsibility of abiding by state and federal privacy regulations that may affect how a business conducts sales and marketing, and how such businesses store and share information about customers.
There are also federal regulations in place that impact all online businesses that operate within the United States. The Children’s Online Privacy Protection Act of 1998 (“COPPA”) requires businesses to obtain parental consent before collecting personal information from children under the age of thirteen. Parents then have the authority to prevent businesses from gathering such information. Parents also have the authority to grant access to personal information, but deny a business’s ability to share this information with third parties. Businesses often require users to enter their date of birth before accessing a site in order to ensure compliance with COPPA.
The Fair Credit Reporting Act (“FCRA”) also applies to online businesses, but only those that collect information from private individuals regarding their financial and criminal records. Under the FCRA, such consumer reporting agencies must protect consumers’ private information from unauthorized third parties. These agencies are responsible for generating credit scores and may only provide this score, upon request, to employers and creditors.
Online businesses involved in providing health care information and health care plans, or health care providers that conduct electronic transactions, must comply with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). HIPAA prevents such businesses from sharing health care information about an individual with third parties. A business may provide information about its patrons so long as it omits any identifying information about a specific individual. Such identifying information includes a person’s name, relatives, address, social security number, and date of birth.