Legal Aspects of Online Privacy

There are many cyber threats that look to exploit our personal information. Because a lot of our personal information is online there are many things we need to do to prevent our identities from being misused.

Internet privacy involves the collection, use, and secure storage of personal information. Internet privacy is mainly involved with how our personal information is made vulnerable through the Web, such as through tracking, data collection, data sharing, and cyber-security threats.

A Pew Research Institute study has found that controlling personal information online is considered “very important” to 74% of Americans. Another Pew study has indicated that 86% of Americans have taken initiative into maintaining their privacy by deleting cookies, encrypting email, and protecting their IP addresses.

The potential for breaches of online privacy has grown significantly over the years. There is no single law regulating online privacy. Instead, a patchwork of federal and state laws apply. Some key federal laws affecting online privacy include:

• The Federal Trade Commission Act (FTC)[1914]– regulates unfair or deceptive commercial practices. The FTC is the primary federal regulator in the privacy area and brings enforcement actions against companies. This includes failing to comply with posted privacy policies and failing to adequately protect personal information.
• Electronic Communications Privacy Act (ECPA) [1986] - protects certain wire, oral, and electronic communications from unauthorized interception, access, use, and disclosure.
• Computer Fraud & Abuse Act (CFAA) [1986] – makes unlawful certain computer-related activities involving the unauthorized access of a computer to obtain certain information, defraud or obtain anything of value, transmit harmful items, or traffic in computer passwords. The law has been in amended six times.
• Children’s Online Privacy Protection Act (COPPA) [1998] – requires certain website and online service providers to obtain verifiable parental consent before collecting, using, or disclosing personal information from minors under the age of 13. It also requires websites to post an online privacy policy, collect only the personal information necessary, and create and maintain reasonable security measures.
• Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) [2003] – governs sending unsolicited commercial email and prohibits misleading header information and deceptive subject lines. It also requires senders to disclose certain information, include a valid opt-out mechanism, and it creates civil and criminal penalties for violations.
• Financial Services Modernization Act (GLBA) [1999] – regulates the collection, use, and disclosure of personal information collected or held by financial institutions and requires customer notices and a written information security program.
• Fair and Accurate Credit Transactions Act (FACTA) [2003] – requires financial institutions and creditors to maintain written identity theft prevention programs.

Source: legal.thomsonreuters.com