By Milton L. Petersen, published on June 13, 2011, in Business in Savannah.
As we move to an ever-more-interconnected world, the privacy and confidentiality of personal information is becoming increasingly important and harder to control.
There are various different laws and regulations that require companies to maintain privacy policies and to make them available to their customers. For example, HIPAA requires health care providers and health plans to maintain notices of privacy practices and make them available to their patients or members. The Gramm-Leach-Bliley Act requires financial institutions to develop privacy policies and share them with their customers. Most Web sites have privacy policies, and the Federal Trade Commission has authority to bring actions to enforce those policies.
The widely-accepted concepts that are commonly used as the model for creating privacy policies, both in the United States and internationally, are known as the “Fair Information Practice Principles.” Initially proposed in a U.S. advisory committee report in 1973, these guidelines have since been used as the foundation for many privacy laws and regulations and the basis of fair and adequate privacy policies.
Visitors to a Web site should also be informed of the specific ways in which collected information will be used (e.g., to fulfill submitted orders, to respond to requests for information, etc.) and with whom that information will be shared (e.g., to suppliers and subcontractors in fulfilling submitted orders or responding to requests for information, or to marketers and other unrelated third parties).
Access and participation is the next core principle of the Fair Information Practice Principles. This means providing consumers with the right to access, verify, and correct or update information collected about them. Obviously, the extent to which this right will need to be accommodated will depend upon how long, and for what purposes, personal information is maintained.
The core principle of integrity and security translates into explaining to consumers how information about them is protected and the different types of security measures used to protect that information. Consumers are entitled to reassurance that information about them will be properly protected.
Milton L. Petersen is a partner with HunterMaclean’s Information Technology Practice Group. He can be reached at 912-236-0261 or firstname.lastname@example.org.