Companies are struggling to understand how to comply with rapidly changing and sometimes conflicting privacy obligations. For entities outside of the US seeking to do business in the States, approaching and understanding the patchwork of state and federal privacy laws can be daunting, especially since US privacy laws vary depending on the type of activities in which companies engage, the individuals from whom they gather or use information, and the industry in which the company operates. While there are some "general" privacy laws (notably in California and Virginia) those are the exception rather than the rule.
Rather than think about legal requirements on a law-by-law basis, it can be helpful to group obligations by activity. What restrictions exist when collecting personal information? What notices need to be given? What type of choices should individuals be provided about how their information is used? Do those choices need to be affirmative (opt-in) or retroactive (opt-out)? How can companies use information? Can they send marketing emails? Text messages? In our recent Nota Bene podcast episode, Michael P.A. Cohen and Liisa Thomas discuss ways to approach these requirements, and the support the recent treatise, Thomas on Big Data: A Practical Guide to Global Privacy Laws released by Thomson Reuters, provides for organizations.
Putting It Into Practice: Privacy laws are continuing to modify and adapt, and companies will need to stay on top of these developments as they continue with their privacy compliance efforts. Along with our ongoing blog posts, we are happy to provide other tools (like this new treatise) for our clients -and for the industry generally- to help make clarity in this sea of ongoing confusion.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.