Critical legislation and suggested guidelines for privacy include:
- The Cable Communications Policy Act – provides for judicious use of PII by cable operators internally but places restrictions on disclosures to third parties.
- The Children’s Online Privacy Protection Act (COPPA) – provides protection to children under the age of 13. Customer Proprietary Network Information Rules – these pertain to telephone companies and curb their use of customer information internally and to third parties.
- The Financial Services Modernization Act (Gramm-Leach-Bliley) – mandate for financial institutions to give customers clear descriptions of the institution’s policies and procedures for protecting the PII of customers.
- Telephone Consumer Protection Act – regulates communications between companies and consumers, such as in telemarketing.
- The 1973 U.S. Code of Fair Information Practices declares:
- No personal data record – keeping systems whose very existence is secret.
- Transparency – there must be a way for a person to discover what information about them is on record and how it is used.
- There must be a way for a person to prevent disclosure of information about them to be used for purposes other than its original intent.
- Any organization creating, maintaining, using, or disseminating records of identifiable personal data must ensure the integrity of the data for their intended use and must take precautions to prevent misuses of that data.
- The Health Insurance Portability and Accountability Act (HIPAA) – includes Privacy and Security Rules and standards for electronic transactions and code sets.
