What privacy regulations should enterprises follow?
The U.S. government has been criticized for its lack of updated privacy regulations. Expert Mike Chapple advises enterprises that want to bolster their privacy policies.
The U.S. government has come under fire lately for having outdated and obsolete privacy regulations and laws that haven't kept up with the Internet as well as mobile and cloud technologies. For organizations that are concerned about Internet privacy and are looking to craft solid customer privacy policies, are there other resources -- such as industry consortiums or NGOs -- that could offer standards and best practices?
Privacy regulations in the United States have long come under fire by privacy advocates. Unlike European Union countries, the U.S. does not have an overarching privacy regulation that comprehensively protects personally identifiable information. Instead, the U.S. takes the approach of regulating specific industries and categories of information with a patchwork of overlapping privacy regulations. For example, HIPAA governs healthcare information, but only when it is used by healthcare providers, health insurers, health information clearinghouses or the business associates of any of those entities. Similarly, the Gramm-Leach-Bliley Act protects financial information, but only when it is in the hands of a financial institution.
There's no single resource for recommended privacy regulations to follow, but organizations seeking to bolster their privacy practices may wish to look to the Federal Trade Commission's Fair Information Practices as guidelines for protecting the privacy of personal information. The four recommended practices are:
- Notice: Organizations should provide individuals with clear information about their information practices.
- Choice: Organizations should provide individuals with the ability to provide and withdraw consent for the use of their information.
- Access: Individuals should have reasonable access to the personal information that organizations collect about them.
- Security: Organizations should take reasonable steps to safeguard personal information in their custody.
These four practices provide a strong foundation for the privacy regulations of organizations collecting information from and about individuals.