What privacy regulations should enterprises follow?

The U.S. government has been criticized for its lack of updated privacy regulations. Expert Mike Chapple advises enterprises that want to bolster their privacy policies.

The U.S. government has come under fire lately for having outdated and obsolete privacy regulations and laws that haven't kept up with the Internet as well as mobile and cloud technologies. For organizations that are concerned about Internet privacy and are looking to craft solid customer privacy policies, are there other resources -- such as industry consortiums or NGOs -- that could offer standards and best practices?

Privacy regulations in the United States have long come under fire by privacy advocates. Unlike European Union countries, the U.S. does not have an overarching privacy regulation that comprehensively protects personally identifiable information. Instead, the U.S. takes the approach of regulating specific industries and categories of information with a patchwork of overlapping privacy regulations. For example, HIPAA governs healthcare information, but only when it is used by healthcare providers, health insurers, health information clearinghouses or the business associates of any of those entities. Similarly, the Gramm-Leach-Bliley Act protects financial information, but only when it is in the hands of a financial institution.

There's no single resource for recommended privacy regulations to follow, but organizations seeking to bolster their privacy practices may wish to look to the Federal Trade Commission's Fair Information Practices as guidelines for protecting the privacy of personal information. The four recommended practices are:

  • Notice: Organizations should provide individuals with clear information about their information practices.
  • Choice: Organizations should provide individuals with the ability to provide and withdraw consent for the use of their information.
  • Access: Individuals should have reasonable access to the personal information that organizations collect about them.
  • Security: Organizations should take reasonable steps to safeguard personal information in their custody.

These four practices provide a strong foundation for the privacy regulations of organizations collecting information from and about individuals.