Five Laws You Should Know - InformationWeek
07:58 PM

Five Laws You Should Know

Five of California's statutes require careful review.

Identifying the laws with the greatest compliance impact is difficult. From my perspective, though, there are at least five statutes in California, apart from the Security Breach Notice Law, that require watching and careful review:

The Online Privacy Protection Act of 2003
This is known as the new "privacy policy" law and went into effect July 1. Under this law, all commercial Web sites and online services that collect personal information from California residents must have a conspicuous privacy policy at the site. A violation under this law results only if the site or service refuses to post a privacy policy within 30 days of being notified of its obligation to do so.

Social Security Number Confidentiality
This law restricts a commercial entity (or governmental agency) from publicly displaying a Social Security number, using it on an identification card or similar access card, or requesting it online without the requisite secure link. This law phases in from 2002 to 2007.

Destruction of Customer Records
This law governs the methods under which documents and records that contain any personal information of a consumer must be destroyed. They must be shredded, erased, or otherwise modified in such a way that they are no longer recoverable.

Note that this law may be superseded by the Federal Fair Credit Reporting Act amendments. The Federal Trade Commission has requested comments to its proposed rule on the disposal requirements. The comment period ended June 15. Essentially, "Section 216 of the FACT Act requires the Commission, Federal banking agencies, National Credit Union Administration, and Securities and Exchange Commission (the 'Agencies'), to issue regulations requiring 'any person that maintains or otherwise possesses consumer information, or any compilation of consumer information, derived from consumer reports for a business purpose to properly dispose of any such information or compilation.' The purpose of this section is to prevent unauthorized disclosure of consumer information and to reduce the risk of fraud or related crimes, including identity theft, by ensuring that records containing sensitive financial or personal information are appropriately redacted or destroyed before being discarded. The Agencies are required to consult and coordinate with each other so that, to the extent possible, regulations implementing this section are consistent and comparable. In addition, the Agencies' regulations must be consistent with the Gramm-Leach-Bliley Act and other provisions of federal law.

"The Commission has conferred with the Agencies and now offers for public comment this proposed rule regarding the disposal of consumer report information and records ('Disposal Rule' or 'Rule')." (From the FTC request for comments, Proposed Rules, Federal Register April 20.)

Check with your counsel on whether the California law still applies to your data destruction and keep an eye on the rulemaking by the FTC to see the federal standards.

California's Fair Debt Collection Act
Among other things, this law forbids a creditor from trying to collect a debt from a victim of identity theft. There are various procedures required on the victim's part as well as on the creditor's part before this becomes a ban on collection of the debt.

Employment Of Offenders--Penal Code
This law prohibits prison inmates from being employed in a situation in which personal information is made available. In many cases, prisoners across the United States are being used for data input. In at least one case I'm aware of, a woman was cyberstalked by a prisoner who got her information while working from prison. This law was designed to prevent that kind of abuse.

Return to main story: "What You Don't Know About Privacy Can Hurt You"

Return to the sidebar: "The Law Itself"

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll