Privacy Legislation and Regulations in the United States

Privacy laws in the United States are not very strong. Instead, companies and organizations have largely adopted self-regulating policies and procedures, as you’ll see later in this chapter. However, there are a few U.S. laws you should be aware of:

  • The Children’s Online Privacy Protection Act
  • The Electronic Communications Privacy Act (ECPA)
  • The Patriot Act
  • The Fair Credit Reporting Act

How much these impact you depends on a number of factors. For example, if your Web site is geared towards children, your privacy policy descriptions and implementations need to be rock solid.

The Children’s Online Privacy Protection Act
The Children’s Online Privacy Protection Act (COPPA) was enacted in 1998, and the FTC rule that implements it took effect April 21, 2000. It was created to oversee the collection of personal information from children under 13. According to the Federal Trade Commission (FTC), which enforces the act, “The new rules spell out what a Web site operator must include in a privacy policy, when and how to seek verifiable consent from a parent, and what responsibilities an operator has to protect children’s privacy and safety online.”

As the overseer of this act, the FTC evaluates whether the subject matter and content of your site suggests that your Web site is geared towards children. Such content can include the following:

  • The ages of models used in online photography
  • The makeup of visual or audio content
  • Advertising
  • Whether or not animation or other features are geared toward children

It’s safe to say that if your site has a lot of cartoons and puzzles, the FTC is likely to consider it one that is aimed towards children. The intent behind the act is to make sure that you maintain easy access to a privacy policy on children’s sites, including on your home page and wherever you collect personal information from children. The privacy link can’t be one of those tiny-font links you see at the bottom of Web pages; it must actually be prominent. The FTC specifically advises you to use a larger font for these links.

The actual notice, which should be clearly understandable by children in the target market for your Web site, must contain the following information:

  • The name and contact information of any party that collects information from children. This includes address, telephone number, and e-mail address.
  • The type of information actually collected and how the information is collected, including if that information is collected through cookies or other passive means.
  • How you intend to use the personal information, including any marketing and/or contest plans, and whether the information is made publicly available, for example through a chat room or message board.
  • Your Web site’s policy and intent on disclosure of collected information. You must disclose the kinds of businesses that have access to this information, why it’s being passed along, and whether or not these third parties will honor the same privacy practices outlined on your site and required by COPPA.
  • A statement that a child’s parent or guardian can refuse to permit the disclosure of information to a third party, and that as a Web site operator you won’t collect any more information than is reasonably necessary for a child to participate in an activity that you claim requires the collection of this information.
  • A policy that allows a parent or guardian to review any information collected from their child, to refuse further collection or use of it, and to have it deleted.

The law is designed to protect the rights of children and to prevent some of the more malicious behavior that can crop up when information is gathered about children, so compliance with the act should be part of your Web site’s design from the start rather than a retrofit. Better still, before you even consider collecting information from children, ask yourself if you really need to.

Electronic Communications Privacy Act
The ECPA was enacted in 1986 and prohibits unauthorized interception of, and access to, electronic communications, as well as their disclosure, as it applies to the privacy rights of individuals. The law covers a variety of wire and electronic communications. It defines an electronic communication as “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic, or photooptical system that affects interstate or foreign commerce.” In addition to discouraging unlawful access to electronic communications (think wiretaps), the law also prevents government agencies from requiring disclosure of stored electronic communications without following legal process, such as obtaining a search warrant, court order, or subpoena depending on the kind of data sought. The newer Patriot Act of 2001 has amended some aspects of this law.

The Patriot Act of 2001
The Patriot Act of 2001 has become a rallying cry among civil liberty groups involved with Web privacy, particularly the Electronic Frontier Foundation (EFF). The act is a rather massive tome (300 plus pages) that was passed shortly after the events of September 11, 2001. Generally, however, this act shouldn’t affect your Web site development, unless you’re contracting with foreign governments that may be considered friendly to terrorists or may be known to harbor them. If this is the case, you should review the text of the act, as well as the EFF’s take on the situation at the following URL:

Fair Credit Reporting Act
If you’ve ever obtained a credit card, you’ve been impacted by the Fair Credit Reporting Act (FCRA), which requires that credit bureaus give consumers access to their credit reports and an opportunity to dispute them. This is where you come in: if your business reports consumer information to the bureaus and a consumer disputes a blemish you’ve created on their credit report, you are required to investigate and respond to the inquiries the credit bureaus make on the consumer’s behalf.

Privacy Legislation and Regulations in the EU
You may find that you are in compliance with laws in the United States, which really aren’t very strong in the privacy arena, but have run afoul of standards in the European Union. The European Union considers privacy a fundamental right and has codified this philosophy into law, whereas the political culture in the United States leans towards a general distrust of government that predates the Revolutionary War. Thus, the approach in the United States is largely hands-off: a combination of watered-down legislation, administrative regulation, and industry self-regulation.

The EU Directive on the Protection of Personal Data (Directive 95/46/EC) governs the collection and processing of personal data, including data gathered through electronic communications, and prohibits the transfer of personal data to any non-EU nation that doesn’t provide a level of privacy protection adequate by European standards. Note that the directive has since been replaced by the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), which has applied since May 25, 2018 and carries forward the same core principles with stronger enforcement.

The EU directive requires that any personal information gathered from your Web site visitors be:

  • Collected for specified, explicit, and legitimate purposes, and in a way that is both fair and lawful in the eyes of each European Union member nation.
  • Directly related to the activity that prompts the information gathering, and not excessive in relation to how much information is actually needed for that purpose.
  • Kept accurate and up to date, and retained no longer than the actual need for the records requires.

Although the United States may seem to lag behind the EU in legislating privacy, it actually leads in areas of self-regulation, and many companies and organizations adhere to stringent privacy policies. In fact, most companies link to a privacy policy from the footer of their Web sites that details exactly how they collect, use, and share visitor information.

All rights reserved © 2018 Wisdom IT Services India Pvt. Ltd