Even if you consider it an intrusion into your privacy, national and state governments know a lot about us. Each US state holds large amounts of information about its residents, including personally identifiable information such as Social Security numbers, tax and financial information, and driver's license details. The HIPAA security rule deals with Protected Health Information, but the US has no single, comprehensive national law regulating the collection and use of personal data. Instead, the United States relies on a patchwork of laws and regulations that make data security a legal obligation.

The European Union's General Data Protection Regulation (GDPR) protects the personal data of EU residents. Let us now consider how the US protects our data, and what data security requirements this places on organizations and businesses.

Federal data protection:

The US has several federal privacy-related laws that govern the collection and use of personal data. The most prominent federal privacy laws are as follows:

1. The Federal Trade Commission Act:

This law prohibits unfair or deceptive practices and applies to both offline and online privacy and data security practices. The FTC has enforced the Act against companies that fail to comply with their posted privacy policies or that improperly disclose personal information. This law also prohibits the online collection of information from children.

2. The Health Insurance Portability and Accountability Act (HIPAA):

The HIPAA privacy rule applies to health care providers, data processors, pharmacies, and other business associates or third parties that handle health information. The law sets out rules for the collection and usage of protected health information. HIPAA compliance certification is also concerned with electronic protected health information, and the HIPAA rules also cover the electronic transmission of medical data.

3. The Financial Services Modernization Act:

This law deals with the collection, use, and disclosure of financial information. It broadly concerns financial institutions such as securities firms, banks, insurance firms, and other organizations that provide financial services and products. It prohibits sharing non-public personal information and, in certain cases, requires financial institutions to give notice of their information-handling and privacy practices and to give data subjects an opportunity to opt out of having their information shared. The national banking agencies have issued several other privacy-related rules, such as the Safeguards Rule, the Disposal Rule, and the Red Flags Rule.

4. The Fair Credit Reporting Act and Fair and Accurate Credit Transactions Act:

These laws apply to consumer reporting agencies that produce consumer reports and to those who use consumer reporting information. Consumer reports are communications issued by a consumer reporting agency that bear on a consumer's creditworthiness, credit capacity, credit history, or general reputation and that serve as the basis for the consumer's eligibility for credit or insurance.

5. The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM):

This act governs the collection and use of email addresses and telephone numbers.

There are several other laws and penalties that deal with the protection of personal information.
