Data privacy concerns the handling of other people's information. Data privacy laws encompass nearly every aspect of the data, including consent to how and what information is collected, when the information is collected, the notices required to collect it, how it is stored, and who has access to it and for what reasons, among other aspects. The data itself could be anything that can be collected, such as a name, location, contact information, medical diagnosis, or online or real-world behavior, among other information.
The increased enforcement of data privacy laws has created a greater degree of liability for companies. Clearly identifying rights and responsibilities within policies and contracts is one way to reduce the exposure to these liabilities. The following are a few of these methods of reducing data privacy liabilities.
A data processing agreement is a contract stating the rights and obligations of each party concerning the protection and processing of personal data. These agreements are for companies that store, analyze, or communicate personal information.
Clearly defined technical requirements, use, and ownership of data, along with other aspects of data privacy, help cap the liability when unforeseen events occur, such as a data breach, employee misuse, or third-party access.
When handling Protected Health Information (PHI), it is important to have a Business Associate Agreement (BAA) in place that identifies everyone's responsibilities. This will identify who holds what liability exposure if complications should arise. These agreements are tailored to the HIPAA requirements under which Covered Entities are only able to work with Business Associates, to ensure the safety of Protected Health Information.
Understanding who is on the other end of the internet is becoming increasingly important because personal privacy laws can vary based on geographic location, citizenship, age, or other factors. In the United States, federal laws require businesses to disclose how they collect, use, share, and protect personal information, while also restricting how it can be used. Further laws apply more specifically in California, which has enacted the California Consumer Privacy Act (CCPA). If the user is within the European Union (EU), the General Data Protection Regulation (GDPR) applies to the user. There are several compliance laws specifically addressing minor children, which require companies to implement privacy policy addendums specifically for underage or child users.
Non-disclosure agreements are the most common document used in the United States for information protection. This document contractually obligates the receiving party to refrain from disclosing the information received. This document can also go by the names Confidential Disclosure Agreement (CDA) or Proprietary Information Agreement (PIA).