Until doing the research for this series of articles, I did not have an appreciation for the value and importance of online privacy policies. Don’t get me wrong, I have always been careful about which websites I use for online purchases or online bill-pay. For instance, before doing business online, I always make sure a site uses encryption for secure transactions and I typically only use well known, credible websites. Also, I never use a debit card online; only credit cards. That provides recourse in the event some type of fraud takes place. However, I must admit, when downloading a free whitepaper or registering for a technical forum or newsletter, I have shared my primary email address and postal address and sometimes even my date of birth. In hindsight, that was not a good idea.
From a regulatory perspective, there are different types of privacy policies. While a common element is the safeguarding of sensitive personal information, the type of information, applicable laws, and compliance requirements can vary. The table below shows examples of personal information types and the primary associated laws.
|Information Type||Primary Applicable Federal Laws|
|Personally-identifiable information (PII)||Federal Trade Commission Act Children’s Online Privacy Act|
|Personal financial information held by financial institutions||Gramm-Leach-Bliley Act|
|Personal health information||Health Insurance Portability and Accountability Act of 1996 (HIPAA)|
|Personal credit history reporting||Fair Credit Reporting Act|
|Student educational records||Family Educational Rights and Privacy Act|