Why Are Privacy Law and Information Security Law Important?
Privacy and information security issues are among the most challenging and rapidly evolving areas of risk for companies across a wide spectrum of industries. The ability to collect, use, and share customer information has become increasingly important to all kinds of businesses, and in many cases, it is absolutely critical to business success. In recent years, however, statutes, regulations, and civil lawsuits have collectively resulted in significantly greater compliance obligations and higher risks associated with handling customer or employee information.
What Is "Privacy Law" and "Information Security Law"?
When we refer to "privacy law" or "information security law," we are not describing a single, cohesive body of law. Instead, we refer to a wide assortment of federal and state statutes, regulations, and cases from areas that are most commonly referred to as "healthcare law," "financial regulation," "employment law," and other traditionally defined areas of law. Privacy and information security issues arise in a number of contexts, including the following:
- Electronic signatures and records, including the Electronic Signatures in Global and National Commerce Act (E-SIGN Act) and the Uniform Electronic Transactions Act (UETA)
- E-commerce requirements, including the Payment Card Industry Data Security Standards (PCI-DSS)
- Data breach response laws and data disposal laws
- Password theft, hacking, and wiretapping, including the Stored Communications Act, the Wiretap Act, and other anti-interception laws
- Website privacy policies and practices, including the Children's Online Privacy Protection Act (COPPA)
- Email marketing, including the CAN-SPAM Act
- International privacy compliance, including the European Union Directive on Data Protection Safe Harbor
- Social media policies for employers
- Financial privacy, including the Gramm-Leach-Bliley Act, the Financial Privacy Act, the Bank Secrecy Act, and other federal and state financial institution laws
- Unauthorized transactions and funds transfers, including the Electronic Funds Transfer Act and Regulation E, as well as the Uniform Commercial Code
- Financial account takeover statutes and the cases that control the allocation of losses when financial accounts are compromised
- Credit reporting laws and other "background check" laws, including the Fair Credit Reporting Act
- Identity theft laws, including the North Carolina Identity Theft Protection Act and the Federal Trade Commission's "Red Flags" regulations
- Health information privacy, including HIPAA and HITECH
- Educational privacy, including the Federal Education Rights Privacy Act (FERPA)
- Employment privacy and non-disclosure agreements
- Trade secrets
I look forward to exploring these issues with you in the days, weeks, months, and years to come!