Personal Data Protection Laws Overview
It is common practice to collect personal information from customers, employees or citizens in general. The information may include just the name, address, and number, or extend to profession, religion, sexual orientation and so on. But how safe is all this personal information? Is there a guarantee that it will not be used for any purpose outside the company policy? Is an individual’s data protected from being misused?
What is personal data?
The definition of personal data differs across U.S. states and across regulations. Some information may be considered personal data for one purpose, but not for another. In general, personal data refers to data related directly or indirectly to a person who is identified or identifiable from the information in possession of the data user. It includes any personal information, sensitive personal data, and expression of opinion about the person.
What is a personal data protection law?
A personal data protection law is the same as an information privacy law, which prohibits misuse or disclosure of information about any private individual. Over eighty countries and independent territories have adopted comprehensive data protection laws. A personal data protection law regulates the processing of personal data. Its objective is to protect the personal data of individuals with respect to commercial transactions. The law applies to any person who collects and processes personal data in regard to commercial transactions.
What Laws Protect Your Personal Data?
Every individual has certain key rights concerning the processing of their personal information. The rights are governed by both federal and state laws and may differ from one state to another. They include the following.
- Right to access personal data/copy of the data: Only under certain conditions:
  - Employees are entitled to get copies of personal data held by employers.
  - Parents are entitled to receive copies of information online, for children under thirteen.
  - Individuals can get a copy of medical information held by a health service provider.
  - Individuals are permitted to receive a copy of consumer report information from the consumer reporting agency under the Fair Credit Reporting Act.
- Right to be forgotten/deletion: Apart from California, no other state in the U.S. permits a request for deletion of information posted online while under the age of eighteen.
- Right to data portability: An individual is entitled to request medical information held by a health care provider to be transferred to another health care provider, under the Health Insurance Portability and Accountability Act.
- Right to withdraw consent: Individuals are permitted to withdraw the consent given to receive certain types of calls to residential or mobile telephones, under the Telephone Consumer Protection Act.
- Right to object to marketing: Every individual is given the right to opt out of marketing and advertising calls under the Telephone Consumer Protection Act.
- Right to object to processing: Under the Telephone Consumer Protection Act, every individual is given the right to opt out of receiving commercial emails and the right to receive certain types of calls without express consent at the federal level. At the state level, individuals have the right not to have telephone calls recorded without the consent of both or all parties.
- Right to restrict processing; Right to complain to relevant data protection authority; Right to rectification of error: These rights are not applicable in all states across the United States.
U.S. data protection law focuses on the general security of the data. Data transparency, data minimization, purpose limitation, lawful basis of processing, data retention and proportionality are not addressed.