by Stephen Dix
Privacy protection, as opposed to data security, is an area that is sure to keep growing as our lives become more and more tied to data collection services. Every state and most countries have data security laws that require notification in the event of a data breach. Privacy protection is a different matter: it involves the right to have personal information protected from unwanted dissemination. As more and more privacy protection laws are put into place, it is incumbent upon businesses to be sure they are providing notices to their customers that meet the requirements of those laws.
Given the requirements under the law that went into effect in California in January of last year, even if your company does not strictly meet the criteria that would make it directly responsible for compliance, if you are working with a company that does, that company’s obligations may flow through to yours. In addition to California, Nevada and Maine have already enacted privacy laws that require specific opt-out terms for the gathering of personal information, and several other states have begun the process of enacting legislation to protect personal information. Likewise, if your company is soliciting business in the European Union, or if you are working with a company that does, you may be subject to the General Data Protection Regulation (GDPR). While it would be terrific if we could have a single national policy on this, it is not likely to be in place any time soon.