Are your privacy policy and practices adequate? Given a new wave of state-level data privacy laws, companies that collect customer information should consider whether updates are required. This applies especially to companies that do business online or use wireless devices to harvest personal information.

Customer Information and Data Privacy Law Prior to New Wave

There is no uniform or single body of law in the United States governing data privacy protection in the context of information collected from customers.

[1] Instead, there is a patchwork of federal and state laws that may apply to a company’s data collection and retention efforts depending on the type of activities performed by the company.[2] Typically, these laws apply to specific industry sectors, such as healthcare providers and financial institutions, to protect specific populations, such as minors, or to specific types of information.[3] Policy experts have referred to these laws as being grounded in a framework based on ‘”harm-prevention.”

Where sectoral special privacy laws don’t apply, the only federal law of general application is the Federal Trade Commission Act, which allows the Federal Trade Commission to force companies to abide by their own online privacy policies and to challenge certain data practices as unfair or deceptive.[4] To date, unless a specific data protection law applies, a company’s data collection activities are largely unregulated.[5] Thus, the content of most privacy policies has been driven by an interest in obtaining customer consent to avoid litigation[6] and by market dynamics.

Growing Body of State Law Comprehensive Regulating Data Privacy
Read More