Privacy, Policy, and Encryption

Laws and Definitions

Graham-Leach-Bliley Act (GLB Act)requires companies such as state or federal

banks, insurance brokers and financial brokers that collect customer’s financial information to follow strict guidelines on what can and cannot be done with such information.

Health Insurance Portability and Accountability Act (HIPPA)designed to make medical insurance

coverage available for those employees who had preexisting medical conditions.

has now evolved to include complex e-privacy regulations to protect medical records.

Children’s Online Privacy Protection Act

provides protection and regulations when information collected online could allow a child under the age of 13 to be individually identified or enable the child to be contacted directly.

Federal Electronic Signature in Global and National Commerce Act

validated the use of electronic signatures in online transactions. The act provides that electronic signatures may not be denied solely based on the fact that it is in electronic form. Private entities are not required to use or accept e-signatures.

e-signaturean electronic signature

Encryptionpermits electronic information to be

scrambled by the sender and decoded and understood only by the intended recipient.

Payment Card Industry Security Standards Council (PCI SSC)

an independent standards body that requires companies to provide minimum levels of security when handling consumer data.

Payment Card Industry Data Security Standards (PCI DSS)

a system designed to prevent theft of electronic and paper cardholder data during transaction processes.

Parental Consentactual affirmation from the parent obtained

by methods such as email or postal mail approving contact with a child, specifically under age 13.

Online Privacy PolicyCompany privacy policy that applies to data

collected or transmitted both online and offline, unless the policy specifically states that the limits of the scope of the policy apply only to data collected online.