Information (or data) privacy involves the protection of valuable and identifiable information such as demographic data or personal data of any kind, from being freely exchanged or sold. Data privacy involves the organizational decisions and rules that govern the collection, storage, sharing, analysis, and deletion of personal data. Generally, data privacy is focused on the use and governance of personal data—things like putting policies in place to ensure that consumers’ personal information is being collected, shared and used in appropriate ways.
However, what is meant by personal data, and how it is protected, can vary drastically from law to law and country to country. What constitutes personal data often directly correlates with the scope of the law that protects the information in question.
Data privacy cannot exist without keeping data secure. Adequate security measures are necessary to protect the availability, confidentiality and integrity of information.
Additionally, privacy risks arise from unauthorized activities that lead to the loss of confidentiality, integrity, or availability of health information involving the creation, collection, use, processing, storage, maintenance, dissemination, disclosure, or disposal of personal information. In large part, privacy considerations are organizational policy decisions related to personal data. Privacy really focuses on the following concepts:
1. What data should be collected?
2. What are the permissible uses?
3. With whom might it be shared?
4. How long should the data be retained?
5. What access control model is appropriate?
While security and privacy are independent and separate disciplines, they are closely related, and Page Legal believes it to be essential to take a coordinated approach to identifying and managing security and privacy risks and complying with the applicable legal requirements.
We Know Privacy
Data privacy and information security is a significant concern for organizations that operate in today’s business environment. Information systems and technology are frequently targeted and subject to unlawful intrusion by third parties. Appropriate safeguards of customer and employee data as well as of a business’ trade secrets and operations are of vital importance, yet navigating the legal landscape is challenging since the data privacy laws differ on what is meant by personal data, and how it is protected. These rules can vary drastically from law to law and country to country. What constitutes personal data often directly correlates with the scope of the law that protects the information in question.
The Page Legal Firm is a solo woman and minority owned privacy practice. Its principal attorney is knowledgeable in U.S. data privacy laws. The firm draws upon its experience to solve legal issues arising in connection with this fast-growing and dynamic area of law.
The Firm regularly assists clients with formulating and implementing privacy policies and practices, including those required by the Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act and the FTC's Identity Theft Red Flag Rules.
We use a coordinated approach to risk assessments and the development of compliance solutions for our clients, drawing upon the broad experience of my practice and the firm’s privacy -specific knowledge. We believe that being proactive with respect to privacy and data security compliance obligations, and incorporating privacy by design principles where possible, will assist our clients to be responsive to government regulators’ expectations and ahead of their competition in this escalated privacy environment.