Our privacy compliance experts can help your firm navigate U.S. and global data privacy requirements:
Within the U.S. at the Federal Level
The United States currently lacks an overarching federal law that regulates the collection and use of personal information. Instead, the government’s decision to deal with privacy and security by regulating only certain sectors and types of sensitive information (e.g., health and financial) has produced overlapping and potentially contradictory protections.
The Federal Trade Commission (FTC) is an independent U.S. law enforcement agency charged with protecting consumers and enhancing competition across broad sectors of the economy. The FTC’s primary legal authority comes from Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive practices in the marketplace. The FTC also has authority to enforce a variety of sector-specific laws, including the Truth in Lending Act, the CAN-SPAM Act, the Children’s Online Privacy Protection Act, the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Debt Collection Practices Act, and the Telemarketing and Consumer Fraud and Abuse Prevention Act. This broad authority allows the Commission to address a wide array of practices affecting consumers, including those that emerge with the development of new technologies and business models.
Within the U.S. at the State Level
As of March 2018, all 50 U.S. states, as well as the District of Columbia, Guam, Puerto Rico, and the U.S. Virgin Islands, have enacted breach notification laws that require businesses to notify consumers if their personal information is compromised. These new and amended state data breach laws expand the definition of personal information and specifically mandate that certain information security requirements be implemented.
Outside the U.S.
With the revised General Data Protection Regulation (GDPR), the European Union (EU) has become the focal point of the global dialogue on individual data privacy. In contrast to U.S. law, EU law protects all personal data, regardless of who collects it or how it is processed. Other advanced economies, such as Canada, Israel, and Japan, have pivoted toward creating privacy regimes that are compatible with the EU’s GDPR rather than with the patchwork approach of the United States.