IP Essentials: Q&A Series

Q What kinds of data are not governed under privacy laws? A Most data privacy laws do not cover anonymous or deidentified data that cannot be traced to a particular person. “Deidentified” data is information that cannot be reasonably traced to a particular individual because the data that points to an individual has been removed. Care must be taken in anonymizing or deidentifying data to ensure that it is both properly deidentified and is not subject to re-identification. Q What countries have laws governing data privacy? A There are privacy laws in many countries throughout the world. The European Union, Canada, the United Kingdom, Australia, and Singapore all have national privacy laws with somewhat similar components. Q Does the United States have laws governing data privacy? A There is not one comprehensive federal law governing data privacy in the United States. Instead, there is a complex patchwork of sector-specific and medium- specific data privacy laws and regulations at the federal level addressing privacy policies in telecommunications, health information, credit information, financial institutions, and marketing.

The following federal laws include privacy provisions and should be considered when preparing your privacy policy: • The Federal Trade Commission Act (15 USC § 41 et seq.); • Children’s Online Privacy Protection Act (15 USC § 6501 et seq.); • Health Insurance Portability and Accounting Act (HIPAA— P.L.104-191); • The Gramm Leach Bliley Act (15 USC § 6802 et seq.); and • The Fair Credit Reporting Act (15 USC § 1681). Q Do any states have comprehensive laws governing data privacy? A The United States has hundreds "There is not one compre-

hensive fed- eral law gov- erning data privacy in the United States... instead there is a complex patchwork of...laws and regulations"

of data privacy and data security laws among its states, territories, and localities. As of 2021, twenty- five U.S. states have laws governing the collection, storage, safeguarding, disposal, and use of personal data collected from residents, especially regarding data breach notifications and the safe use of Social Security numbers. Some laws apply only to governmental entities, others to private entities, and some laws apply to both.

IP ESSENTIALS: DATA PRIVACY

88

89

Made with FlippingBook HTML5