The following is a summary of the most important laws that restrict companies, websites, and other non-government entities from gathering and storing personal data from their customers:
Cable Communications Policy Act of 1984
In addition to restricting when the government can obtain subscribers’ personal data from cable companies, this federal law requires cable companies to delete any personally identifiable information they have collected if they no longer need the information for the purpose fore which it was originally collected. (1)
Children’s Online Privacy Protection Act of 1998
This federal act applies to websites directed at children that collect personally identifiable information about children. Such sites must make known what information they collect and obtain parental permission. Additionally, sites cannot require children to provide personal information (beyond that which is reasonable necessary) to participate in a game or contest. (2)
California Online Privacy Protection Act of 2003
This law, which went into effect on July 1, 2004, applies to all websites that collect personally identifiable information about people in California – essentially all sites that collect personal data and are available in the U.S. The law requires any such site to have a privacy policy that is posted conspicuously and that the site actually follows. The policy must make clear what types of personally identifiable info are collected, and generally what third parties info may be shared with. Additionally, the policy must describe the process (if any) by which visitors can review and request changes to the information that the site has collected. Finally, the policy must have an effective date and must describe how visitors will be notified of changes to the policy. According to this law, personally identifiable information is defined as individually identifiable information about an individual consumer collected online by the operator of the site from that individual and maintained by the operator in an accessible form. (3)
State laws against spyware
Beginning in 2004, states began to enact laws restricting the installation of spyware. Such laws exist in California, Utah, Arizona, Arkansas, Georgia, Iowa, Virginia, Washington, Hawaii, Louisiana, Tennessee, and Rhode Island. The laws typically prohibit any person or entity from installing spyware – software that takes control of a computer or collects personally identifiable data – on another person’s computer without permission. (4)
1. http://ilt.eff.org/index.php/Privacy:_Statutory_Protections
2. http://www.ftc.gov/ogc/coppa1.htm
3. http://www.leginfo.ca.gov/cgi-bin/displaycode?section=bpc&group=22001-23000&file=22575-22579