Most businesses hold secrets, whether it's customers' financial data or employees' health problems. Not blabbing people's private affairs is good business, and it also keeps you out of trouble with the law. Federal and state laws restrict how you can collect, store and disclose health information, children's personal data and financial information.
If you have a company health plan, the Health Insurance Portability and Accountability Act probably covers it. HIPAA requires that you adopt policies and procedures to keep employees' medical information private. That includes information about an employee's past, present or future physical or mental health, and the health-care services received under the plan. Data that has been de-identified, so that nobody can tell which employee it describes, is not covered. If a name or other identifier is attached to the data, however, the privacy rule applies and disclosing it can get you in trouble.
The Genetic Information Nondiscrimination Act forbids businesses from considering the results of genetic tests in employment decisions. It also forbids any organization covered by the act from divulging genetic information about job seekers or employees. Genetic information has to be kept in a separate, confidential medical file, apart from the regular personnel file. The law covers employers, unions, employment agencies and apprenticeship programs.
The Children's Online Privacy Protection Act governs data collected online from children under 13. If your website is directed at children, or you know it collects information from kids, you have to post a privacy policy on the site saying what information you gather and whether you share it with third parties. You also have to make a reasonable effort to obtain verifiable parental consent before collecting or using the information.
Under the Gramm-Leach-Bliley Financial Modernization Act, financial companies such as banks and credit-card issuers have to tell consumers how the company uses and shares their financial information. The company's regular customers get a privacy notice automatically every year. The notice is usually sent by mail, although it can be delivered electronically to customers who agree to that. Simply posting it on the office wall isn't enough notification to meet the law.
Federal laws apply everywhere in the United States. On top of that, many states have passed their own privacy laws. The California Reader Privacy Act, for instance, says online booksellers can only disclose information about a customer's reading habits or purchases if the customer approves, or if the data is covered by a search warrant or court order. Connecticut requires any business that collects Social Security numbers to have a written policy for protecting the information.
- Department of Health and Human Services: Summary of the HIPAA Privacy Rule
- Equal Employment Opportunity Commission: Genetic Information Discrimination
- COPPA - Children's Online Privacy Protection Act
- Federal Trade Commission: In Brief: The Financial Privacy Requirements of the Gramm-Leach-Bliley Act
- National Conference of State Legislatures: State Laws Related to Internet Privacy