With data breaches hitting the headlines month after month, many Internet users have expressed serious concerns about sharing their information online. As a result, Internet privacy policies have become a top concern for every company that conducts business online. Strict laws have been enacted that govern the types of information collected, to whom that data is given, and how it will be used.
Internet privacy policies force companies and organizations to protect their information and systems from cyber-attacks such as viruses, trojan horses, phishing, denial-of-service (DoS) attacks, unauthorized access (stealing intellectual property or confidential information), and control system attacks.
Following is a brief overview of the main Internet privacy policies enacted by major governments and entities. If your company conducts business within any of their jurisdictions, you must comply with the applicable regulations or face stiff penalties. It pays, then, to at least know the basics of each.
United States
There are three main cybersecurity regulations in the United States:
- 1996 Health Insurance Portability and Accountability Act (HIPAA)
- 1999 Gramm-Leach-Bliley Act
- 2002 Homeland Security Act, which included the Federal Information Security Management Act (FISMA)
These three regulations require healthcare organizations, financial institutions, and federal agencies to protect their systems and information with a “reasonable” level of security.
Since these laws were enacted, others have been added to improve cybersecurity and protect consumers.
- Cybersecurity Information Sharing Act (CISA) of 2015
- Cybersecurity Enhancement Act of 2014
- Federal Exchange Data Breach Notification Act of 2015
- National Cybersecurity Protection Advancement Act of 2015
Among these, two newer provisions significantly impact how companies can obtain, store, use, and share private information of users.
CAN-SPAM
The United States CAN-SPAM Act applies to all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service,” including email that promotes content on commercial websites. The law makes no exception for business-to-business email. Each separate violation of the CAN-SPAM Act is subject to penalties of up to $42,530.
California Consumer Privacy Act
The CCPA focuses on the principles of accountability, control, and transparency. Based on the General Data Protection Regulation (GDPR) privacy law passed by the European Union, the CCPA applies to any business marketing to, or collecting personal data from, California residents. The law gives users more control over their personal data, sets a broader definition for personal information, and restricts companies’ reliance on consumer data.
Some are hoping that this bill will better align the US with strict EU privacy standards and set the stage for a new era of digital regulation over privacy rights. However, the law can still be adjusted and edited until it goes into effect in 2020.
Canada
Canada’s Anti-Spam Legislation (CASL) seeks to protect Canadian citizens from the harmful effects of spam and related threats by creating a safer and more secure online marketplace. CASL was created in 2014 to reinforce best practices in email marketing and combat spam and related issues. These issues include identity theft, phishing, and the spread of malicious software, such as viruses, worms and trojans (malware).
The basic provisions of the CASL provide:
- Powers to investigate and take action against violators.
- Authority to set administrative monetary penalties.
- Authority to target those who send commercial electronic messages without the recipient’s consent or install programs on computers or networks without express consent.
- Ability to promote compliance among organizations and individuals.
Europe
The European Union General Data Protection Regulation (GDPR) has been hailed as the most important change in data privacy regulation in 20 years. It is a set of comprehensive laws that govern how global companies that do business in Europe can handle the personal information of users.
The basics include allowing users more control over how much data they surrender and how it is used, an increased territorial scope of coverage, defined penalties for breaching the laws, strengthened conditions for user consent, and other enhanced rights for the user.
In the full text of GDPR, there are 99 articles that define and explain the rights of individuals and the obligations placed on organizations that are covered across Europe. However, each individual country within the EU has the ability to make its own small changes.
The Future of Internet Privacy Policies
These policies are just the beginning. Businesses need to be more aware of how their data collection, usage, and marketing outreach strategies affect consumers. Moreover, new rules will be forthcoming that put security and privacy in the consumers’ best interest. These will cover not only how data is gathered and used but also how it is transmitted.
Are your Internet communications secure? MHO provides high-performance Internet services to help your business meet the ever-changing demands and regulatory policies of your particular industry. Our private Metro Ethernet and Dedicated Internet solutions allow for better security, visibility, and performance. Contact us today for more information and availability.