August 22, 2013
Previously published on September 1, 2013
Privacy law touches the lives of all of us in different ways. To a constitutional junkie, it simply provides protection from government intrusion. To A-list celebrities, it can help keep candid pictures off the front page of a tabloid. But what does privacy law mean to your business lawyer? The answer boils down to one word: compliance.
Focus on Financial Businesses
In today’s tech-driven economy, consumers share increasing amounts of personal information with all kinds of companies. Despite consumers’ willingness to share their private information, businesses bear the burden of properly managing that information, and the risk of failing to do so is high.
The Federal Trade Commission (FTC) regulates and oversees business privacy laws. Financial businesses are a focus for the FTC because they accumulate vast amounts of personal and financial data about customers. The Gramm-Leach-Bliley Act, signed into law by President Clinton on November 12, 1999, applies particularly to financial institutions and includes two important subparts for privacy compliance: the Financial Privacy Rule and the Safeguards Rule, found at 15 U.S.C. §§ 6801-6809. Under the Financial Privacy and Safeguards Rules, each financial institution has an obligation to respect the privacy of its customers and to secure and protect the confidentiality of its customers’ nonpublic personal information.
To implement the provisions of this Act, regulatory agencies have developed standards:
(1) to insure the security and confidentiality of customer information;
(2) to protect against anticipated threats or hazards to the security and integrity of this information; and
(3) to protect against unauthorized access to and use of this information which could result in substantial harm or inconvenience to the customer.
A financial institution may not disclose nonpublic personal information to a nonaffiliated third party unless it has provided to its customer a notice complying with § 6803 of Title 15. The notice must describe:
(1) the policies and practices of the institution with respect to disclosing nonpublic personal information to nonaffiliated third parties and its policies and practices with respect to disclosing personal information of former customers;
(2) the categories of nonpublic personal information collected;
(3) the policies maintained to protect the confidentiality and security of that personal information; and
(4) the disclosures required.
Additionally, a customer may opt out of that disclosure. There are also limits on sharing of information for marketing purposes.
Impact on Smaller Businesses
While larger non-financial companies are accustomed to dealing with privacy compliance, many smaller companies are not. But they still face requirements under privacy law, and those companies that are growing accumulate and use more private information than ever before.
An APPlicable Example
As an example, let’s be hip and look at “app” developers. What can smaller tech companies do to ensure compliance? To start, help is available. See Federal Trade Commission BCP Business Center, “Marketing Your Mobile App: Get It Right from the Start,” at http://Business.ftc.gov/documents/bus81-marketing-your-mobile-app (accessed 7/11/13).