Data privacy, also known as information privacy, generally refers to personal information that is collected and the rights an individual has to control the data about themselves. Data privacy considers multiple aspects, such as data collection, storage, proper handling, security, and protection. Many laws and regulations govern data privacy and what information can be shared with and without an individual’s consent.
In the United States alone, there are many data privacy laws at both the state and federal levels. Two especially large federal laws govern personal information. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 defines how personally identifiable information (PII) and health information (including diagnoses and biological data) can be shared, and added requirements around data security and the steps that must be taken when dealing with PII. The Children’s Online Privacy Protection Act (COPPA) was passed in 1998 and was designed to protect the PII of children, specifically prohibiting companies from collecting PII of those under the age of 12 without verifiable parental consent. At the state level, the California Consumer Privacy Act (CCPA), enacted in 2018, is one of the few acts that specifically addresses data privacy. The CCPA aims to enhance consumer protection and the right to privacy by requiring organizations that gather data to disclose what data is being gathered and whether it is being sold and to whom. It also gives individuals the ability to access this same data, along with the right to decline any sale of their data or to request that a business delete their information.
In the European Union (EU), the General Data Protection Regulation (GDPR) is a data protection law requiring that businesses not only allow consumers (referred to as “data subjects”) to access, delete, or opt out of the collection of their data, but also allow them to correct inaccurate data, and that businesses obtain explicit consent for information collection. The GDPR aims to ensure that a data subject can clearly understand what information is collected as well as how it is being used, while maintaining control over the data itself.
Understanding data privacy legislation is important for any organization that is gathering data. Organizations have a responsibility to thoroughly protect data, and to ensure that sensitive data is only used in an approved manner. Consumers rely on businesses to make sure that their data is not used maliciously. Ensuring data privacy at collection and in storage is a necessity in today’s world.
Proper data privacy handling can benefit organizations by: