personal information. COPPA is enforced by the FTC and requires that website operators allow parents to: 1) view the personal information collected by a website about their child; and 2) delete and correct that information. Note that COPPA applies to children under the age of 13. The White House’s 2012 Consumer Data Privacy Bill of Rights contained in the report Consumer Data Privacy in a Networked World states that, “companies also should provide consumers with reasonable access to personal data that they collect or maintain about them, as well as the appropriate means and opportunity to correct inaccurate data or request its deletion or use limitation.” New laws such as the GDPR and CCPA are including such rights to access and delete personal data. In May 2014, the European Court of Justice recognized the controversial “right to be forgotten.” This right has been codified in the new EU data protection law known as the GDPR that became effective May 25, 2018. Residents of the EU now have expanded rights to request access to and deletion of their personal information. Data Security Requirements. The FTC Act does not specifically address data security. The FTC has, however, brought enforcement actions alleging that the failure to take reasonable and appropriate steps to protect personal information is an “unfair act or practice” in violation of the FTC Act. For example, the FTC has found violations of the FTC Act where a company: 1) failed to encrypt information while it was in transit or stored on the network; 2) stored personally identifiable information in a file format that permitted anonymous access; 3) did not use readily accessible security measures to limit access; 4) failed to employ sufficient measures to detect unauthorized access or conduct security investigations; and 5) created unnecessary business risks by storing information after it no longer had any use for the information, in violation of bank rules. Restrictions on Sharing Data with Third Parties. The FTC Act does not expressly prohibit the sharing of personal information with third parties. However, a business can get into trouble when it states that it will not
26
Made with FlippingBook - Online Brochure Maker