A show of hands please -- who really believes they have any privacy today? If you've raised that hand, I suggest you go to Google and put in your name. Chances are, there are pages of references to you and that's only what you see. Every time you use your computer to do a search, buy an item, research a topic, there are unseen eyes keeping track. Every notice how those shoes you were looking at on-line during your lunch break appear in the ads of the next website you visit (really shook me up the first time I noticed that).
Well this is not a rant about privacy but a wake-up-call for small businesses that privacy matters and in fact may be one of the most difficult issues your business must deal with. The next few entries will talk about the structure and applicability of U.S. and foreign data privacy laws and regulations and why they are important to your business. But first I'd like to clear up some common misconceptions. Confidentiality and privacy are different concept
Privacy - Structure of U.S. Data Privacy Laws and Regulations
Privacy law in the US is a maze of ad hoc legislation on both the federal and state levels targeting certain industries (e.g. financial institutions); types of data (e.g. medical records, data in electronic format); certain groups (e.g. children, movie renters); and certain entities (e.g. publicly traded companies, communication service providers). Bottom line is there is no general privacy law -- rather the laws tend to be subject matter specific. In addition there can be subject matter legislation on the Federal and State level -- with each state having its own set of laws. So what are you looking out for? Well let's get down to the practical -- first and foremost, you will need to identify what existing Federal and State statues may apply to your business. To do that you will need to understand where and how you collect and use PII. (continued below)
Privacy - Structure of U.S. Data Privacy Laws and Regulations (continued)
Next installment, Privacy -- Structure of Foreign Data Privacy Laws and Regulations, and remember, ALWAYS CONSULT AN ATTORNEY FIRST.
Privacy - Structure of Foreign Data Privacy Laws and Regulations
So we've talked about the US but what about privacy obligations in the rest of the world? Remember data isn't static and you will need to think about the country in which the PII is collected and how it moves from country to country (foreign office, outsourcing), and what your obligations may be in each country in which you hold PII. Well unfortunately, like in the US, there is no uniform mechanism to regulate the collection, dissemination and use of private information outside of the US. Each country has its own set of privacy laws and regulations. In addition, the European Union is set up much like the US Federal/State system. Members of the EU have a uniform set of laws, but these laws are implemented separately by each EU members. And just to make things more complicated, if you decide to move data from the EU to another country that movement out of the EU is governed by EU privacy regulations. (continued below)
Privacy - Structure of Foreign Data Privacy Laws and Regulations (continued)
What if you collect PII in the US and use a foreign company to process that data? Well be prepared to understand how the US Federal and State laws and regulations apply to the data collected in the US, how the foreign laws and regulations apply to the data resident in the foreign country and whether there are then restrictions on moving the data out of that foreign country and back to the US. Ready to call for "Help" http://www.youtube.com/watch?v=TU7JjJJZi1Q. OK, I just couldn't resist, but the truth is the use of PII has become a mine field and it's hard to find a business which doesn't have privacy obligations. There are headlines everyday around the world and enforcement actions are becoming more prevalent so sticking your head in the sand is not the answer.
Next installment, Wrapping it all Up, and remember, ALWAYS CONSULT AN ATTORNEY FIRST.
Wrapping it all Up
If you've been reading this journal either you're a glutton for punishment or you're getting ready to or have just started a business. If it's the later then I hope this has been helpful, but I'm sure it hasn't been enough. My aim in this journal has really been to acquaint you with the general legal issues facing the start-up. As I'm sure you've now figured out, there are very few cookie cutter answers but being better educated can really help move the process along and hopefully keep you out of trouble. Over the next few weeks I plan to start a new Journal that will focus on the "Contract Process". Here I will start with the opening paragraph (who are the parties) and continue through the signature lines (who should execute the agreement) with the goal of helping you to understand what you're signing and why you should care. For now, I'll leave you with a little Sondheim http://www.youtube.com/watch?v=-836TtoF_5I&feature=related, and remember, ALWAYS CONSULT AN ATTORNEY FIRST.
Our Rating is calculated using information the lawyer has included on
their profile in addition to the information we collect from state
bar associations and other organizations that license legal
professionals. Attorneys who claim their profiles and provide Avvo
with more information tend to have a higher rating than those who do
What determines Avvo Rating?Experience & background
Years licensed, work experience, education
Legal community recognition
Peer endorsements, associations, awards
Legal thought leadership
Publications, speaking engagements
This lawyer was disciplined by a state licensing authority in .
Disciplinary information may not be comprehensive, or updated. We recommend that you always check a lawyer's disciplinary status with their respective state bar association before hiring them.