PRIVACY

What is Privacy Law?

Privacy law covers a wide range of laws, regulations, and directives that govern how personal information is collected, used, transferred, and sold by companies. The rules vary by country, state, and industry. Europe has led the way with the General Data Privacy Regulation (GDPR), which went into effect May 2018. California has followed suit, implementing the California Consumer Privacy Act (CCPA), which took effect January 2020. Generally speaking, these laws provide sweeping protections for consumers and place tighter restrictions on companies.

Beyond the GDPR and CCPA, certain industries face enhanced regulatory privacy compliance requirements. Notably, financial institutions must comply with the Gramm-Leach-Bliley Act (GLB), also known as the Financial Modernization Act, which requires financial institutions to explain how they share and protect their consumers' private information. In the healthcare realm, the HIPAA Privacy Rule protects individuals' medical records and other personal health information.

Privacy Assessment

The first step in determining what laws apply and whether you are in compliance with those laws is to conduct a Privacy Assessment. During an assessment by NOLI IP SOLUTIONS, we will identify the rules applicable to your industry, review your past, present, and future data collection, protection, and sharing activities, and assess the steps that must be taken to ensure compliance.

Privacy Policy Drafting

Depending on the results of the assessment, it may be necessary to implement an internal (for employees) and/or an external (for clients) privacy policy. Internal policies will address how employees handle your customers' personal information, the measures taken to protect it, and the practices of retaining, destroying, or transferring it. An external policy will address such things as what information you collect, what you do with it, and procedures customers can utilize to obtain their data or have it destroyed. 

Privacy Audits & Response

Once you have a policy in place that meets the requirements of the applicable law, a best practice is to conduct periodic privacy assessments to ensure continued compliance and to identify any potential risk areas. In the event of a breach, it is also important to ensure that the proper actions are taken to maintain any safe harbors or other mitigation opportunities in order to limit the potential liability and damages. 
