In the modern world, one of a business’s most important and valuable assets is the data that it collects from its customers or users. Customers and users often implicitly or explicitly trust a business with their data and expect that a business will securely store, use, and maintain that data as a component of their commercial relationships. Additionally, businesses also obtain valuable data sets from other sources, including by licensing those sets from other businesses. Unfortunately, data breaches have become more and more common, both as a result of hacking and as a result of negligence, and it has become incredibly important for businesses to understand data privacy law.
Businesses should typically be concerned with five different areas of data privacy law:
1. Protection of data privacy in consumer transactions. Businesses must be concerned with the protection of data privacy in consumer transactions. The protection of data in consumer transactions can be separated into two categories: (1) data privacy, or keeping consumer data secret; and (2) data security, or keeping consumer data secure through the implementation of industry-standard protections.
2. Protection of employee data privacy. Businesses must also be concerned with protecting the data privacy of their employees. In the United States, both federal and state laws affect employee rights in the area of electronic communications, such as email, voicemail, and text and instant messaging records.
3. Protection of common law rights of privacy and publicity. Businesses that use consumer or celebrity testimonials, names, or likenesses in advertising, whether on the Internet or otherwise, must also be concerned with the protection of the common law rights of privacy and publicity. These laws, which are typically defined by each state, can create causes of action for the commercial use of a name or likeness or a violation of one of the traditional common law rights of privacy, such as false light, intrusion upon seclusion, or public disclosure of private facts.
4. Protection of privacy rights in litigation. Businesses must also protect against the unauthorized disclosure of private communications in litigation, which may hamper a business’s ability to effectively litigate various causes of action in litigation. Additionally, Internet businesses may be prevented by law or practical concerns from disclosing, or compelling the disclosure, of anonymous speakers in litigation matters.
5. Protection of privacy rights under foreign law. In privacy matters, the United States is, for the most part, an opt-out society, meaning, the law demands only that businesses allow consumers to opt-out of the collection and use of their personal and personally identifiable information. Other countries and economic groups, such as the European Union, provide more stringent standards. Thus, in an increasingly global world, businesses should be concerned about the protection of these rights under foreign laws as well as the laws of the United States.
We will address each of these areas of privacy rights in upcoming posts. In the meantime, if you seek an analysis of whether your business’s privacy practices comply with the law, contact us today.