For your Friday morning, here are five facts about privacy policies that you may not have already known:
3) Certain industries are *required* to have privacy policies — Websites in certain industries, or with certain audiences, must have a privacy policy under all circumstances: banking/financial websites, health-related websites, and websites directed to children under the age of 13.
Banking and financial websites are governed by the Gramm-Leach-Bliley Act. Such websites must publish annual notices of their privacy policies and give users the ability to control with whom their information is shared, in addition to meeting stricter security requirements for the protection of users’ data.
Health-related companies must comply with the Health Insurance Portability and Accountability Act. The range of health-related companies now includes not only healthcare providers, but also web companies that provide services to healthcare providers.
5) The E.U. has its own privacy laws that companies must comply with or face fines — The European Union is considered to have stricter privacy laws than the U.S. In particular, any company anywhere in the world that transfers user data out of the E.U. needs to comply with the E.U. Data Directive; however, U.S. companies have the benefit of the Safe Harbor Program set up by the Department of Commerce, which the E.U. considers an acceptable substitute for its Data Directive. U.S. websites and apps that collect information from E.U. citizens should ensure that their privacy policies comply with the Safe Harbor Program.