What Is Privacy Compliance Law?

Privacy Compliance Law

The area of privacy compliance law addresses how organizations meet legal and regulatory requirements for collecting, processing, or maintaining personal information. Data privacy breaches can lead to regulatory investigations and fines. When privacy is compromised, consumers or employees may respond with civil lawsuits. It is recommended, but not required by a federal law, that companies create and post privacy policies on websites and mobile apps. Once posted, companies must follow these policies or face scrutiny by the Federal Trade Commission. (California and Delaware state law does require privacy policies to be posted on websites and mobile applications, if the site collects personally identifiable information).

The majority of U.S. states have passed security breach disclosure laws, meaning companies must follow privacy compliance laws at the state levels. Federal laws such as the healthcare-related HIPAA law and the financial law, Gramm-Leach-Bliley Act, also have precise privacy regulations that must be followed by companies in order to avoid fines and legal liability.