Internet privacy laws and regulations

30.06.2020

Back to blog list

Data Security and Privacy in the European Union

One of the greatest challenges in the world today is making the Internet a secure place. For this purpose, there is a global trend of rigid regulations that governments are setting for ensuring that individuals’ information is kept private. The burden of privacy regulations is being placed on companies’ IT staff. Minor mistakes can and do often result in serious losses for companies. EU data privacy regulations currently take the form of the General Data Protection Regulation (GDPR), which affords particular “rights” to Internet users. These rights include the right to rectify, the right to be forgotten, and the right to a lawsuit in the event that the person’s rights have been violated. “Rectify” entails that wherever a company publishes information about a person’s digital identity that is false, the person has the right to see that information rectified. A person also does not have to tolerate content of him displayed on the Internet if he doesn’t wish it to be there. This is the individual’s choice to permit or not permit.


Learn how to to detect suspicious activity in databases till information gets exported


Data Privacy in the United States

US privacy regulations are for the most part set by the individual states. Privacy regulations in effect nationwide include include HIPPA, which protects the individual’s right to maintain privacy with respect to their health; the Children’s Online Privacy Protection Act, which protects websites from being able to collect information on children; and the Fair Credit Reporting Act, which governs how credit information can be collected and used. Data privacy law in 25 states also protect Internet users’ information, in particular the California Consumer Privacy Act, which has recently been passed to provide for consumer data privacy in the state, which is even more stringent than the GDPR. Types of information that are illegal to transfer to third parties except where explicitly authorized include personally identifiable information or PII. Any such information that is exchanged, for instance if Google provides information to advertisers as to the name or address of a user, is subject to data breach fines. 

How to Protect Personally Identifiable Information

Data privacy regulations worldwide such as these have led to rigid data privacy policy at companies that must be kept up to date and strictly adhered to, both in terms of direct provision of information and keeping  technology cutting edge, since one mistake could mean the end of a company. Lawsuits are not the only expense – data breach penalties are also imposed by state governments and federal agencies. PII data breach fines have been handed out in the amount of 10 million dollars to two telecommunications companies by the Federal Communications Commission (the FCC) due to the fact that the companies stored PII of these individuals without adequate data privacy protection safeguards. In Europe, data breach fines can amount to a maximum of 20 million Euros or 4% of the company’s income the previous year. The hope is that it will become as difficult as possible for criminals to compromise PII security.


Compliance Database Risk management