Who is Protecting my Personal Info?
Updated: Jan 23, 2019
Who is protecting your personal information that is being stored online?
The answer is federal laws, statutory authority, and also the choices you make.
In the US, there is no single, comprehensive federal (national) law regulating the collection and use of personal data. There is, however, a large selection of federal privacy-related laws that regulate the collection and use of personal data. These laws are aimed at specific sectors and protect those potentially affected. Some cover particular kinds of information, such as financial or health information, or electronic communications. Others apply to activities that use personal information, such as telemarketing and commercial e-mail.
With the help of Westlaw.com* we have created a small list of some of the main federal privacy laws:
The Federal Trade Commission Act (15 U.S.C. §§41-58) (FTC Act) is a federal consumer protection law that prohibits unfair or deceptive practices and has been applied to offline and online privacy and data security policies.
The Financial Services Modernization Act (Gramm-Leach-Bliley Act (GLB)) (15 U.S.C. §§6801-6827) regulates the collection, use and disclosure of financial information.
The Health Insurance Portability and Accountability Act (HIPAA) (42 U.S.C. §1301 et seq.) regulates medical information.
The HIPAA Omnibus Rule also revised the Security Breach Notification Rule (45 C.F.R. Part 164) which requires covered entities to provide notice of a breach of protected health information.
The Fair Credit Reporting Act (15 U.S.C. §1681) (and the Fair and Accurate Credit Transactions Act (Pub. L. No. 108-159), which amended the Fair Credit Reporting Act) applies to consumer reporting agencies, those who use consumer reports (such as a lender) and those who provide consumer-reporting information (such as a credit card company).
The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) (15 U.S.C. §§7701-7713 and 18 U.S.C. §1037) and the Telephone Consumer Protection Act (47 U.S.C. §227 et seq.) regulate the collection and use of e-mail addresses and telephone numbers, respectively.
The Electronic Communications Privacy Act (18 U.S.C. §2510) and the Computer Fraud and Abuse Act (18 U.S.C. §1030) regulate the interception of electronic communications and computer tampering, respectively.
In 2016, Congress enacted the Judicial Redress Act, giving citizens of certain ally nations (notably, EU member states) the right to seek redress in US courts for privacy violations when their personal information is shared with law enforcement agencies.
There are also laws at the state level which are focused on protecting the privacy of individual users. As of March 28, 2018, all 50 states, as well as the District of Columbia, Puerto Rico, and the US Virgin Islands have enacted laws requiring notification of security breaches involving personal information.
The type of information protected varies between statutes. Typically, though, they apply to information that makes you identifiable as an individual user. This can be your Social Security number, driver’s license number, financial account number, or medical or health information. The statutes seek to protect against misuse of or unauthorized access to personal information, and require encryption of personal data when transferring data over the internet or through storage devices.
Some bills advanced or introduced in the 115th Congressional term (Jan. 2017 – Jan. 2018) include:
H.R. 387 (Email Privacy Act).
H.R. 2454 (Department of Homeland Security Data Framework Act of 2017).
H.R. 2356 (Managing Your Data Against Telecom Abuses Act of 2017, or the MY DATA Act of 2017).
H.R. 2520 (Balancing the Rights of Web Surfers Equally and Responsibly Act of 2017, or the "BROWSER Act").
The Gramm–Leach–Bliley Act (GLB Act)
The FTC's Behavioural Advertising Principles
Whew. That was a lot of lists.
Here's the part that you really need to know: you can decrease the vulnerability of your personal data by taking simple security measures.
Use complex passwords. This means over 12 characters, non-pronounceable, with special characters, lowercase and uppercase lettering.
Use different passwords for all of your accounts! This way if one is breached, the rest will be safe.
Switch out your passwords every couple of months! It's a hassle, but it's even more of a hassle to have a security breach.
Be on the lookout for a blog post in the upcoming months where we dive into more detail on how to secure your personal data! And if you have any questions about any of this information, please talk to us by calling 855-728-6824.
*With much appreciation we used http://bit.ly/2FeNE4f as a source for much of this information.