Protecting information privacy per U.S. federal law.

AuthorJones, Virginia A.
PositionCover story

Protecting the privacy of internal and external customers is a critical responsibility for those with records and information management responsibilities. This article provides a high-level overview of privacy issues and broadly applicable U.S. federal laws governing them.

Business and government entities must understand and apply increasingly complex laws and regulations to protect the data and records of their customers and citizens. Compliance with U.S. personal information protection laws is often difficult due to the number and interrelationship of federal and state laws and regulations that affect or relate to these issues.

In 2013, nearly 58 million records were reported compromised in the United States according to the Identity Theft Resource Center. With increased collection of data and easier methods of collection, protecting personal information has become a big issue in today's business and government environment.

Contributing Factors to Data Breaches

There is now prolific and far-reaching collection and distribution of personally identifiable information (PII) due to increased use of the Internet for a number of activities such as conducting business meetings, interacting with government, personal and business banking and other financial transactions, data vaulting, shopping, socializing, and even attending classes.

Online Transactions

There is a generational trust of and reliance on computerized data with a desire for easier and quicker methods to conduct these actions. The need to more quickly access information or activities leads many to submit personal information online and, in doing so, leave themselves open to unauthorized access to their personal information.

Often online submittal of PII either explicitly or implicitly authorizes data sharing between entities. While several U.S. federal laws require an "opt-out" opportunity to be provided by online businesses to allow consumers to choose not to have their data shared (or even marketed), it is not always obvious to the user that a choice exists or, in many cases, the user does not pay attention to the choice.

Data Sharing

To increase efficiency, data is frequently shared by those who collect it. In the private sector, acquired data is often shared or sold. Acquisitions and mergers of business entities also might provide useable data to disparate sectors of business. For example, an entertainment company might buy a mortgage company, giving it access to personal information it would not otherwise collect. In the government sector, collected data is often shared between agencies to expedite processes and to determine eligibility for a variety of programs and benefits. In fact, the EGovernment Act of 2002 encourages the sharing of various data between certain federal agencies when appropriate.

Ease of Access

Exposure to privacy information breaches is compounded by the ease of access to personal information. The use of Google, Yahoo, Any Who, or other search engines and locators makes it easier to obtain the personal information of others through increased hacking into computer systems, Internet phishing, and just plain stealing hard media or information from hard media, such as credit cards, credit card statements, checks, and other documents containing PII thrown in the trash or recycling. This proliferation of accessible personal information has resulted in misuse of personal information by the unscrupulous through identity theft, spamming, stalking, or preying.

Increase in Social Security Numbers Issued

The most overused personal information is the Social Security Number (SSN). Originally established in 1935 by the federal government as part of the Social Security program requiring employees to contribute a portion of their earnings toward a national retirement fund, the issuance of SSN was expanded in the 1970s to include newborns and non-employed residents in the United States.

With the majority of the population having a centrally recorded identification number, the SSN became an accurate method of uniquely identifying individuals. Businesses and government required the SSN for a number of services and benefits, even for accepting personal checks. One of the earliest abuses of personal privacy was the stealing and misuse of SSN.

As breaches and misuse of personally...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT