Research Paper: Privacy Laws Are a Big

Pages: 6 (1816 words)  ·  Bibliography Sources: 2  ·  Topic: Business

Privacy laws are a big part of Business Administration, ensuring that the business complies with the law and protects the privacy of sensitive information, both for customers and employees. Businesses have a legal obligation to protect the sensitive information of their customers and employees.[1] It is important to be aware of all areas of privacy law that pertain to business operations as well as privacy laws that pertain to employees. The Fair and Accurate Credit Transaction Act, the Red Flags Rule, the California Public Utilities Commission General Order 107-B, case law, Safe Harbor, the Identity Theft Penalty Enhancement Act, data breach laws, and for some businesses HIPAA and the Gramm-Leach-Bliley Act are some of the privacy laws that affect businesses. [1: http://business.ftc.gov/privacy-and-security]

The Fair and Accurate Credit Transaction Act (FACTA) "incorporates several provisions that require financial institutions, creditors, and other businesses that rely on consumer reports to detect and resolve fraud by identity theft."[2] Under FACTA, the Red Flags Rule applies to any financial institution and to any business that provides services or products for later payment. This means that businesses that sell goods or services on credit plans must adopt privacy practices for consumers paying balances on credit accounts. Businesses must adopt a plan to detect, prevent, and mitigate identity theft. The plan's rules must identify the red flags, the signals of actual or attempted identity theft, that a risk assessment of the business's operations has shown to be relevant. The rules must also include procedures for proper document disposal, such as bonded shredding services that protect the information in paperwork no longer needed. The Identity Theft Penalty Enhancement Act was also enacted to impose higher penalties for aggravated identity theft.[3] If a business is found not to have complied with privacy law in an identity theft case, it can also face penalties for noncompliance. [2: https://www.privacyrights.org/fs/fs6a-facts.htm] [3: Holtfreter, R.E. & Holtfreter, K., (2006), "Gauging the effectiveness of U.S. identity theft legislation," Journal of Financial Crime, 13(1), 56-64. Retrieved from http://search.proquest.com/docview/235987750?accountid=27965]

Consumer payment mechanisms are another area of privacy concern. FACTA also requires businesses to truncate, or shorten, account information on electronic credit and debit receipts.[4] Account information on a receipt given to the customer at the point of sale by an electronic payment system may include no more than the last five digits of the card number and must omit the expiration date. Payment information received through a website's payment software for goods must likewise be truncated. Noncompliance can bring Federal Trade Commission enforcement action, including civil penalties and injunctive relief. Consumers can also sue businesses and collect damages and attorney fees if the business is found to have been out of compliance with FACTA. [4: http://www.niada.com/www.activengage.com/PDFs/Information/Compliance/CreditCardTruncate0708.pdf]
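The truncation requirement above is easy to state and easy to get wrong at the print step, so here is an added example (not from the paper or any cited source) of how a point-of-sale component might enforce it: the card number is masked down to at most the last five digits, the expiration date is accepted by the renderer but never written out, and a final regex check rejects any receipt text that still carries a longer digit run or an MM/YY pattern. The merchant, amounts, timestamp and card number are constructed sample values.

```python
"""FACTA receipt truncation, as an added illustration.

Assumed (not from the paper): the point-of-sale software gives us the full
card number and expiration date as strings and asks for the text printed on
the customer's copy of the receipt.
"""
import re
from typing import Optional

MAX_VISIBLE_DIGITS = 5  # FACTA: no more than the last five digits may appear


def truncate_pan(pan: str, visible: int = MAX_VISIBLE_DIGITS) -> str:
    """Mask all but the last `visible` digits of a card number.

    Separators (spaces, dashes) are stripped first so that a formatted
    number like '4111 1111 1111 1111' cannot leak digits through grouping.
    One '*' is emitted per hidden digit.
    """
    digits = re.sub(r"\D", "", pan)
    if len(digits) < visible:
        raise ValueError("card number must have at least %d digits" % visible)
    return "*" * (len(digits) - visible) + digits[-visible:]


def render_receipt(merchant: str, amount_cents: int, pan: str,
                   expiration: Optional[str], when: str) -> str:
    """Build the customer copy of an electronic receipt.

    The expiration date is accepted only so the caller's data flow is
    visible; it is never written into the output, as FACTA requires.
    """
    lines = [
        merchant,
        "DATE: " + when,  # constructed ISO-style timestamp, no slashes
        "TOTAL: $%d.%02d" % (amount_cents // 100, amount_cents % 100),
        "CARD: " + truncate_pan(pan),
    ]
    return "\n".join(lines)


# Patterns used as a last-line check before the text reaches the printer.
_LONG_DIGIT_RUN = re.compile(r"\d{%d,}" % (MAX_VISIBLE_DIGITS + 1))
_EXPIRY_DATE = re.compile(r"\b(0[1-9]|1[0-2])/(\d{2}|\d{4})\b")


def receipt_is_compliant(text: str) -> bool:
    """Return False if the receipt text contains a digit run longer than the
    permitted tail of the card number, or anything shaped like MM/YY or
    MM/YYYY. Amounts and ISO-style dates pass; a full card number or an
    expiration date does not."""
    return not _LONG_DIGIT_RUN.search(text) and not _EXPIRY_DATE.search(text)


if __name__ == "__main__":
    # Constructed sample transaction; the card number is a well-known test value.
    text = render_receipt("EXAMPLE STORE", 4250, "4111 1111 1111 1111",
                          "12/25", "2013-04-24 10:15")
    print(text)
    print("compliant:", receipt_is_compliant(text))
```

The separate `receipt_is_compliant` check matters because receipt templates are often edited by people who never read the masking code; running it on the rendered text catches a template that re-introduces the full number or the expiration date.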

Corporations face increasing liability for the security of employee and customer information and personal data.[5] There are increased statutory, regulatory, and legal pressures on corporations to protect personal data and to protect their businesses from financial and productivity losses. The largest security breaches can come from inside the organization, where employees have access to personal information. States have been implementing laws requiring notification of all parties affected by security breaches. The California legislature enacted the first data security breach notification law in July 2003; it forces state agencies and organizations doing business in California to notify California residents when a security breach results in the release of personal information.[6] Arizona law requires a business that becomes aware of an incident of unauthorized acquisition of data that includes personal information to investigate and determine whether there has been a breach.[7] If there has been a breach, the business is required to notify the Arizona consumer. Willful and knowing violations can result in a $10,000 fine per breach. Other states are adopting laws as well that hold businesses to a higher standard of accountability in handling personal information. [5: Deybach, G. (2007), "Identity theft and employer liability," Risk Management, 54(1), 14-17. Retrieved from http://search.proquest.com/docview/226993528?accountid=27965] [6: http://www.princeton.edu/ogc/legal-guidance/privacy/Vol.-4-2.pdf] [7: http://www.mintz.com/newsletter/2007/PrivSec-DataBreachLaws-02-07/index.htm]

The Safe Harbor rules govern international business with businesses located in the European Union.[8] Safe Harbor mandates that individuals be notified about the purposes for which personal information is collected and used. Businesses must provide contact information so that individuals can inquire and complain. Third parties with which information is shared must be identified so that individuals know who they are. Individuals must be offered the choice to opt out of the sharing and disclosure of their personal information. Individuals must have access to the information the company holds about them and be able to correct, amend, or delete inaccurate information. Organizations must take reasonable precautions to protect personal information. Information that has been collected must be relevant to the purposes for which it is used. Organizations must have a complaint system available and procedures for verifying that company commitments are met, and must meet their obligations to remedy problems. Sanctions issued to members for noncompliance must be sufficiently rigorous to ensure compliance. [8: http://www.ita.doc.gov/ecom/SafeHarborOverviewAug00.htm]

There are laws and regulations concerning workplace privacy and employee monitoring. For the most part, as long as rules for telephone and internet usage are stipulated in the organization's policy, the policy dictates what employees are and are not allowed to do on company premises. Few regulations would cover workplace privacy beyond that policy, except where personal telephone calls are not addressed in it. Federal case law, such as Watkins v. L.M. Berry & Co., 704 F.2d 577, 583 (11th Cir. 1983), has prohibited the monitoring of employees' personal phone calls.[9] Some cases have upheld attorney-client privilege even for calls made from an employer's phone, while others have not. The biggest issue in employee privacy is the organizational policies that dictate what employees are allowed to do and what they are prohibited from doing on the job. [9: https://www.privacyrights.org/fs/fs7-work.htm]

For calls with customers, some state regulations may require that the customer be told about any monitoring of the call, such as monitoring to improve service in the future. In California, parties to a call must be informed of call monitoring by a beep tone or a recorded message under California Public Utilities Commission General Order 107-B.[10] Depending on the state in which the business operates, there may be privacy laws or regulations covering calls to customers or other consumers. [10: Ibid.]

If the business is in the health care industry, it is also governed by the Health Information Portability and Accountability Act (HIPAA).[11] Medical identity theft occurs through computers that are stolen or sold without their data being expunged, hacking, inadvertent disclosure of confidential data, or deliberate misuse of information by those who have access to it. Its purpose is to obtain medical services billed under another person's information, such as their insurance. The HIPAA Security Rule is enforced by the Centers for Medicaid and Medicare Services (CMS). CMS defines protected health information as "individually identifiable health information that is electronically or otherwise transmitted or maintained."[12] The rule covers entities such as health plans, healthcare clearinghouses, and healthcare providers that transmit health information electronically, for example from a provider to an insurance company for payment or from one provider to another when referring a patient for additional services. [11: Journal of Internet Law, 10(8), 1-16] [12: Ibid.]

The general requirements of HIPAA include assuring the confidentiality, integrity, and availability of the electronic protected health information an entity processes. Safeguards must be taken against reasonably anticipated security threats. The organization is responsible for protecting against reasonably anticipated impermissible uses and disclosures. Policies must be in place and enforced to ensure that the workforce complies with the rule.

Health care organizations are obligated to protect against identity theft as well as medical identity theft, whether the breach comes from inside the organization or from an outside source. This means the information system has stricter requirements on who has access to information, as well as organizational policies governing the security of personal information. HIPAA operates on a need-to-know basis: staff may learn what is in a medical record only as far as their job requires. For example, staff who are not assigned to a patient on a particular shift are not allowed to view that patient's medical record. They may see information only on the patients they are assigned to, and only enough information to do their respective jobs. Nursing staff are not allowed to view payment information on any patient because they do not need it to perform their positions.
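The two rules in the paragraph above (only assigned patients, and only the record sections a role needs) are exactly what an authorization layer in a records system has to encode. The following is an added example, not the paper's or any vendor's code: roles, record sections, the shift-assignment rule, the sample patients and the staff accounts are all constructed for the illustration. Every access attempt, allowed or refused, is written to an audit list so that repeated refusals for one user can be counted and reviewed.

```python
"""Need-to-know access check for medical records, as an added illustration.

Everything here is constructed for the example: the roles, the record
sections and the rule that staff see only patients assigned to them on the
current shift. A real system would load assignments from the scheduling
system and write the audit trail to durable storage.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

CLINICAL = "clinical"   # diagnoses, medication, nursing notes
PAYMENT = "payment"     # insurance and billing details

# Which record sections each role needs in order to do its job (assumed).
ROLE_NEEDS: Dict[str, Set[str]] = {
    "nurse": {CLINICAL},
    "physician": {CLINICAL},
    "billing": {PAYMENT},
}


@dataclass
class Staff:
    user_id: str
    role: str
    assigned: Set[str] = field(default_factory=set)  # patients/accounts this shift


@dataclass
class Decision:
    allowed: bool
    reason: str


def authorize(staff: Staff, patient_id: str, section: str) -> Decision:
    """Deny unless the section is within the role's need AND the patient is
    assigned to this staff member for the current shift."""
    needs = ROLE_NEEDS.get(staff.role)
    if needs is None:
        return Decision(False, "unknown role %r" % staff.role)
    if section not in needs:
        return Decision(False, "role %r has no need for %r" % (staff.role, section))
    if patient_id not in staff.assigned:
        return Decision(False, "patient %r not assigned to %r this shift"
                        % (patient_id, staff.user_id))
    return Decision(True, "assigned patient, section within role need")


AUDIT: List[dict] = []   # every attempt, allowed or not, is recorded


def view_section(staff: Staff, patient_id: str, section: str,
                 records: Dict[str, Dict[str, str]]) -> str:
    """Authorize, log, then return the requested section or raise."""
    decision = authorize(staff, patient_id, section)
    AUDIT.append({"user": staff.user_id, "patient": patient_id,
                  "section": section, "allowed": decision.allowed,
                  "reason": decision.reason})
    if not decision.allowed:
        raise PermissionError(decision.reason)
    return records[patient_id][section]


def denied_attempts(user_id: str) -> int:
    """Count of refused accesses for a user; a rising count is the kind of
    signal a privacy officer would review for record snooping."""
    return sum(1 for e in AUDIT if e["user"] == user_id and not e["allowed"])


# Constructed sample data.
RECORDS = {
    "P001": {CLINICAL: "asthma; albuterol PRN", PAYMENT: "insurer X, policy 1"},
    "P002": {CLINICAL: "post-op day 2", PAYMENT: "self-pay"},
}
NURSE = Staff("nurse.lee", "nurse", assigned={"P001"})
BILLER = Staff("acct.ng", "billing", assigned={"P001", "P002"})

if __name__ == "__main__":
    print(view_section(NURSE, "P001", CLINICAL, RECORDS))
    for pid, sec in [("P002", CLINICAL), ("P001", PAYMENT)]:
        try:
            view_section(NURSE, pid, sec, RECORDS)
        except PermissionError as e:
            print("denied:", e)
    print("denied attempts by nurse:", denied_attempts(NURSE.user_id))
```

The check is deliberately two-stage: the role decides which sections exist for a user at all, and the shift assignment decides which patients. Keeping the decision and the audit entry in one function means a refusal can never happen silently, which is what makes the "need to know" rule enforceable after the fact as well as at access time.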

The Gramm-Leach-Bliley Act requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.[13] Financial institutions are defined as companies that offer financial products or services such as loans, financial or investment advice, or insurance. The personal information usually collected includes names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and social security numbers. [13: http://business.ftc.gov/privacy-and-security/gramm-leach-bliley-act]

Under the Gramm-Leach-Bliley Act, companies under Federal Trade Commission jurisdiction are required to follow the Safeguards Rule and take measures to maintain the security of customer information. The companies are required to have…

Cite This Research Paper:

APA Format

Privacy Laws Are a Big.  (2013, April 24).  Retrieved July 17, 2019, from https://www.essaytown.com/subjects/paper/privacy-laws-big-part/2434698