Five Laws You Should Know - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

07:58 PM

Five Laws You Should Know

Five of California's statutes require careful review.

Identifying the laws with the greatest compliance impact is difficult. From my perspective, though, there are at least five statutes in California, apart from the Security Breach Notice Law, that require watching and careful review:

The Online Privacy Protection Act of 2003
This is known as the new "privacy policy" law and went into effect July 1. Under this law, all commercial Web sites and online services that collect personal information from California residents must have a conspicuous privacy policy at the site. A violation under this law results only if the site or service refuses to post a privacy policy within 30 days of being notified of its obligation to do so.

Social Security Number Confidentiality
This law restricts a commercial entity (or governmental agency) from publicly displaying a Social Security number, using it on an identification card or similar access card, or requesting it online without the requisite secure link. This law phases in from 2002 to 2007.

Destruction of Customer Records
This law governs the methods under which documents and records that contain any personal information of a consumer must be destroyed. They must be shredded, erased, or otherwise modified in such a way that they are no longer recoverable.

Note that this law may be superseded by the Federal Fair Credit Reporting Act amendments. The Federal Trade Commission has requested comments to its proposed rule on the disposal requirements. The comment period ended June 15. Essentially, "Section 216 of the FACT Act requires the Commission, Federal banking agencies, National Credit Union Administration, and Securities and Exchange Commission (the 'Agencies'), to issue regulations requiring 'any person that maintains or otherwise possesses consumer information, or any compilation of consumer information, derived from consumer reports for a business purpose to properly dispose of any such information or compilation.' The purpose of this section is to prevent unauthorized disclosure of consumer information and to reduce the risk of fraud or related crimes, including identity theft, by ensuring that records containing sensitive financial or personal information are appropriately redacted or destroyed before being discarded. The Agencies are required to consult and coordinate with each other so that, to the extent possible, regulations implementing this section are consistent and comparable. In addition, the Agencies' regulations must be consistent with the Gramm-Leach-Bliley Act and other provisions of federal law.

"The Commission has conferred with the Agencies and now offers for public comment this proposed rule regarding the disposal of consumer report information and records ('Disposal Rule' or 'Rule')." (From the FTC request for comments, Proposed Rules, Federal Register April 20.)

Check with your counsel on whether the California law still applies to your data destruction and keep an eye on the rulemaking by the FTC to see the federal standards.

California's Fair Debt Collection Act
Among other things, this law forbids a creditor from trying to collect a debt from a victim of identity theft. There are various procedures required on the victim's part as well as on the creditor's part before this becomes a ban on collection of the debt.

Employment Of Offenders--Penal Code
This law prohibits prison inmates from being employed in a situation in which personal information is made available. In many cases, prisoners across the United States are being used for data input. In at least one case I'm aware of, a woman was cyberstalked by a prisoner who got her information while working from prison. This law was designed to prevent that kind of abuse.

Return to main story: "What You Don't Know About Privacy Can Hurt You"

Return to the sidebar: "The Law Itself"

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Augmented Analytics Drives Next Wave of AI, Machine Learning, BI
Jessica Davis, Senior Editor, Enterprise Apps,  3/19/2020
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll