SlideShare a Scribd company logo

US Data Privacy Laws: Legal and Marketing Professionals’ Views

IDG Connect
IDG Connect
TechnologyNews & Politics
1 of 8
Research Paper May 2013 IDG Connect has produced new research based on marketing and legal professionals’ views of data privacy laws in the US. This sets out to address how the two groups feel about the current state of data privacy legislation and whether there is a disconnect between the two departments. US Data Privacy Laws: Legal and Marketing Professionals’ Views
2 Contents US Data Privacy Laws US Data Privacy Laws 3 A Mess of Legislation 4 Legal Professionals vs. Marketers 5 US vs. EU 7 Conclusion 8
3 US Data Privacy Laws 19% 67% 14% The last few years have seen a surge in the volume of data that organizations hold on individuals, and now, the way marketers communicate with their lists is often subject to legislation. This means marketing and legal departments have to work closer than ever before. However, beyond this, privacy is an issue that impacts everyone. And most people have a personal opinion on the kind of information that many companies own about them. In a bid to explore this further, IDG Connect has produced new research on marketers’ and legal professionals’ views of data privacy. This sets out to address how these groups feel about the current state of data privacy and whether there is a disconnect between the two departments. “Now that modern devices afford abundant opportunities for the perpetration of such [privacy] wrongs without any participation by the injured party, the protection granted by the law must be placed upon a broader foundation.” (Warren & Brandeis, 1890) These words may be over a hundred years old, but they are as true today as when first written, and with the orientation vote imminent in the LIBE on Europe’s General Data Protection Regulation, the United States’ patchwork of data privacy laws has come under renewed scrutiny. Warren and Brandeis’ hallmark article in the Harvard Law Review in 1890 is generally considered to be the basis for establishing the right to privacy as a tradition of common law. Thanks to technological advances, the “right to be let alone” has had to expand considerably and countries all over the world now specific legislation addressing the privacy of data. But do data privacy laws in the United States go far enough? Our survey of 40 legal professionals and marketers across the US showed that an overwhelming majority (81%) of those we asked either didn’t think US privacy laws were sufficient, or didn’t know for sure. One respondent went so far as to claim, “I don’t believe there is any privacy… Companies and individuals are being hacked at an alarming rate even with all the protection they think they have so there is little to no privacy or safety there.” Only 19% of legal professionals and marketers that we surveyed felt that US privacy laws go far enough, and those that did tended to be much more succinct with their comments: “I feel the laws are sufficient.” US Data Privacy Laws: Legal and Marketing Professionals’ Views Do you think US data privacy laws go far enough? Yes No Don’t know 19% 14% 67% 50% 40% 30% 20% 10% 0% 80% 70% 60%
4 US Data Privacy Laws Interestingly, the two industries shared remarkably similar views, with only 18% of marketers and 20% of legal professionals agreeing that current US data privacy laws are adequate. This seems to be supported by our findings that a significant proportion (17%) of marketers do not consider themselves “extremely impacted” by data privacy issues – perhaps if they were, data privacy laws would be considered more effective? As one marketer put it: “If the consumer only knew the practices of some business – from marketers to businesses in the information collection business – there would be outrage.” In the course of this report we will outline current US data privacy laws and present our research into the opinions of legal and marketing professionals in an effort to discover whether US data privacy laws really are sufficient. A Mess of Legislation Unlike almost every country in Europe and most of Latin America, Asia and Africa, the United States doesn’t have a single, comprehensive law on data protection and privacy. Instead, the country relies on a combination of federal and state laws and regulations, and self-regulation. But while companies can be penalized by the FTC for violating their privacy notices, violation is unlikely since the privacy notices are written by the companies themselves. Privacy legislation in the US has often been adopted on an ad hoc basis: new legislation arises as its required (the Video Privacy Protection Act of 1988, the Cable Television Protection and Competition Act of 1992); different legislation exists for different industries (the Health Insurance Portability and Accountability Act (HIPAA), the Fair Credit Reporting Act (FCRA)); and there’s separate legislation covering data held by the government (the Privacy Act of 1974, the Computer Security Act of 1987). Many of the federal laws are specifically designed to protect personal data held by the federal authorities and, as such, don’t have any authority over data collected, held, or used by non-government bodies. This system appears to be geared towards a different world, because today, the big worry for individuals is the information that search engines and online companies like Google, Amazon and Facebook hold. Indeed, one respondent in the legal industry commented that, “personal data is a valuable commodity… the only way many companies (e.g. Facebook) will ‘do the right thing’ with regard to personal data is if the government puts laws in place requiring them to do so”. The key piece of data legislation in the US is the Privacy Act of 1974, which specifically governs the collection, maintenance and use of personal data held by federal agencies. The regulations cover disclosure, access, and amendment of data by an individual, as well as establishing a code of ‘fair information practices’. Disclosure of information is prohibited without the written consent of the individual, except in the case of twelve statutory exceptions; individuals must be granted access to their records; and given the opportunity to amend those records if they can prove them inaccurate or irrelevant. In 1988, the Privacy Act was amended to include The Computer Matching and Privacy Protection Act, with further amendments in 1990. The amendment improved protections for individuals whose records are used in automated matching programs by requiring a standardized procedure in carrying out matching programs; due process in order to protect subjects’ rights; and the establishment of Data Integrity Boards at each matching agency to supervise matching programs.
5 US Data Privacy Laws As with many of the federal privacy laws in the United States, the Privacy Act only applies to records held by an “agency”, meaning that any records held by non-agency entities are not covered. While there’s a plethora of laws in the US that cover data privacy, the lack of a cohesive privacy law is seen by some as inadequate, as one legal professional put it, “US law is very limited and narrow in scope. There are many gaps where there is not law and many others where the law is uncertain.” Legal Professionals vs. Marketers: Professional and Personal Opinions We surveyed 40 legal and marketing professionals in the United States to find out whether they think current US data privacy laws are sufficient. The results were similar across the two professions, with just 18% of marketers and 20% of legal professionals of the opinion that privacy laws as they stand are adequate. The overwhelming majority of marketers (72%) thought that data privacy laws in the US do not go far enough; 50% of legal professionals agreed with this response, while 30% weren’t sure. Some of those we surveyed openly admitted to not being sufficiently versed in US Privacy laws – “Not educated on the topic”. Do you think US data privacy laws go far enough? Marketers are well-known for using personal data in their professional lives, but do their personal and professional views on data privacy laws differ? Would you expect more conflict from a marketing professional than a legal professional? We found that the response from legal professionals was quite close, with 60% of respondents saying they didn’t feel there was a conflict between their personal views and professional experiences when it comes to data privacy. We were surprised that the majority of marketers also responded in the negative (53% felt no conflict). However, one marketer was particularly strident in her view of their fellow marketers: “When it comes to business many, such as myself, will go above and beyond what is necessary to stay in compliance, but at the same time I find competitors take advantage of the weak, crossing the line in the sand which should be well established.” Is there ever a conflict between your personal views and professional experiences when it comes to data privacy? Legal Marketers 20% 18% 50% 30% 72% 10% Don’t Know No Yes No Yes 40% 60% 47% 53% Legal Marketers 0% 20% 40% 60% 80% 100%
6 US Data Privacy Laws The responses of both legal professionals and marketers were varied when asked how they were impacted professionally and personally by data privacy issues. Our legal professionals were those most strongly impacted professionally by data privacy issues, with half of respondents saying they were “extremely impacted”. The majority of marketers (60%) however, took a middle-of-the-road view of any professional impact. Neither industry seemed significantly impacted personally by data privacy issues, with just 33% of legal professionals and 20% of marketers claiming to be “extremely impacted”. However, this may be a simple case of being unaware of any issues – as one legal professional commented, “I don’t know if my data privacy has ever been compromised.” How impacted are you professionally by data privacy issues? How impacted are you personally by data privacy issues? The sufficiency of US data privacy laws for some respondents however, is not the main issue – the government that makes the laws is. One marketer explained, “Ironically, I find the US government is one of the worst violators when it comes to privacy and collection of information”, while another held both the government and businesses to account, saying, “Too much snooping by the government, not enough honesty and transparency by businesses”. Others believe that the government should stay out of data privacy all together, since it is down to the individual to protect their own data. Law enforcement was also accused of sidestepping privacy laws: “There are still too many people than can just say, ‘I want this data, turn it over.’ Even if they are law enforcement, they still need a warrant and a good reason, not just ‘I think this person did something and I want to see what’.” Not at all impacted Somewhat impacted Very impacted Extremely impacted Neither impacted nor unimpacted Not at all impacted Somewhat impacted Very impacted Extremely impacted Neither impacted nor unimpacted Legal Marketers 50% 40% 30% 20% 10% 0% 40% 30% 20% 10% 0%
7 US Data Privacy Laws US vs. EU: What Do the Differences Mean for Privacy? Unlike the US, every country in the European Union adheres to the Data Protection Directive, a set of laws that protect an individual’s privacy, and give them the means to take action if that privacy is violated. Furthermore, EU citizens’ data is protected regardless of the industry, unlike in the US where a patient could sue their doctor for revealing personal information, but couldn’t sue a website for revealing the same information. Despite this however, some of our respondents are happy with the US’ current laws, with one saying, “I think US laws protect individuals sufficiently. I don’t think the extra protection provided by the EU translate into *better* protection”. Debate has been raging on both sides of the Atlantic over the sufficiency of privacy laws in light of proposals currently before the European Parliament for the General Data Protection Regulation (GDPR). The GDPR will replace the current EU Data Protection Directive that doesn’t take into account the effects of globalization and technological developments like social networks and cloud computing. The new legislation will not be limited to countries within the EU, but will also apply to all US companies processing the data of European residents. If accepted, the law will prevent web businesses from performing basic collecting and profiling unless an individual gives their explicit consent. This will be a serious change because additionally, businesses will have to permanently delete personal information upon request, with the potential of a fine of up to 2% of their annual sales for not complying. The proposals are currently under consideration by the European Parliament, with adoption expected in 2014 provided that the provisions are agreed upon. The outcome of the parliamentary debate will be critical to technology companies in the US, since a third or more of their sales can be generated in the European Union. The debate over the GDPR is not the first US-EU conflict over privacy and protection laws. When the EU Data Protection Directive was passed, it in theory prohibited the transfer of personal information from the EU to the US because the US does not have equivalent privacy protection in place. This is where the Safe Harbour framework came in. Described by Google as “a robust and highly successful privacy framework that has benefited consumers and our economies over many years”, the US-EU Safe Harbor Agreement is designed to prevent the accidental loss or disclosure of information by enforcing adherence by US companies to seven principles. However, with Europe considering its new privacy policy, the US has raised concerns over what will happen to the Safe Harbour Framework and what effect it will have on businesses. The Department of Commerce has announced clarifications regarding the US-EU Safe Harbor Framework and Cloud Computing that state as an officially recognised mechanism, approved by the European Commission, the Framework cannot be dismissed by the EU regulators. This may bring relief to those US companies that will be affected in a change in EU data privacy law, but is it the end of the matter? The Framework may be safe from complete elimination, but the European Commission is likely to reopen discussions about its content so they will more closely match the new legislation.
8 US Data Privacy Laws Conclusion So what does the future hold for US privacy law? With the GDPR due for adoption next year, many companies in the United States are worried about the impact the stricter data privacy legislation will have on their business. But is stricter legislation necessarily better? While 81% of our respondents don’t think so, some do, with one respondent going so far as to say that the laws themselves aren’t the problem – “it’s that the average consumer isn’t aware of concerned as they should be. We need to raise consciousness to the problems and issues”. So is that the simple solution – better privacy education? Given the speed of technological innovation this seems reasonable, after all, how can the law ever keep up with the speed of tech? About IDG Connect IDG Connect, a division of International Data Group (IDG), the world’s largest technology media company, produces, publishes and distributes local IT and business information on behalf of a truly global client base. Established in 2005, we have a fully nurtured audience of 2.6 million professional decision-makers from 130 countries, and an extended reach of 38 million names. This lets us conduct research, create independent analysis and opinion articles, and drive long-term engagement between professionals and B2B marketers worldwide. For more information visit www.idgconnectmarketers.com

Recommended

Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
GDPR: Key Article Overview
GDPR: Key Article OverviewGDPR: Key Article Overview
GDPR: Key Article OverviewCraig Clark ITIL, CIS LI,EU GDPR P
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationVicky Dallas
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill Komal Gadia
 
Data Protection and Privacy
Data Protection and PrivacyData Protection and Privacy
Data Protection and PrivacyVertex Holdings
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_indiaAltacit Global
 
Privacy and Data Protection
Privacy and Data ProtectionPrivacy and Data Protection
Privacy and Data ProtectionDirectorate of Information Security | Ditjen Aptika
 
Data Protection Act 1998 (amended 2000)
Data Protection Act 1998 (amended 2000)Data Protection Act 1998 (amended 2000)
Data Protection Act 1998 (amended 2000)The Pathway Group
 

Recommended

Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
GDPR: Key Article Overview
GDPR: Key Article OverviewGDPR: Key Article Overview
GDPR: Key Article OverviewCraig Clark ITIL, CIS LI,EU GDPR P
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationVicky Dallas
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill Komal Gadia
 
Data Protection and Privacy
Data Protection and PrivacyData Protection and Privacy
Data Protection and PrivacyVertex Holdings
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_indiaAltacit Global
 
Privacy and Data Protection
Privacy and Data ProtectionPrivacy and Data Protection
Privacy and Data ProtectionDirectorate of Information Security | Ditjen Aptika
 
Data Protection Act 1998 (amended 2000)
Data Protection Act 1998 (amended 2000)Data Protection Act 1998 (amended 2000)
Data Protection Act 1998 (amended 2000)The Pathway Group
 
What about GDPR?
What about GDPR?What about GDPR?
What about GDPR?Martin Hawksey
 
Data Privacy and the GDPR
Data Privacy and the GDPRData Privacy and the GDPR
Data Privacy and the GDPRDemandbase
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographicMarketing Team at Crown Worldwide Group
 
Cyber security and prevention in Bangladesh
Cyber security and prevention in BangladeshCyber security and prevention in Bangladesh
Cyber security and prevention in BangladeshRabita Rejwana
 
Data Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive dataData Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive dataOpenAIRE
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdfPriyanka Aash
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) Kimberly Simon MBA
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Actmrmwood
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR DemystifiedSPIN Chennai
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overviewJane Lambert
 
Research on Digital Security Act 2018
Research on Digital Security Act 2018Research on Digital Security Act 2018
Research on Digital Security Act 2018Nilima Tariq
 
Introduction to data protection
Introduction to data protectionIntroduction to data protection
Introduction to data protectionRachel Aldighieri
 
DN18 | Making Personal Genomics Transparent, Secure and Equitable | Dennis Gr...
DN18 | Making Personal Genomics Transparent, Secure and Equitable | Dennis Gr...DN18 | Making Personal Genomics Transparent, Secure and Equitable | Dennis Gr...
DN18 | Making Personal Genomics Transparent, Secure and Equitable | Dennis Gr...Dataconomy Media
 
GDPR Presentation
GDPR PresentationGDPR Presentation
GDPR PresentationCILIP Ireland
 
Uses of magnetic stripe cards
Uses of magnetic stripe cardsUses of magnetic stripe cards
Uses of magnetic stripe cardsAllan Hall
 
EU:n yleinen tietosuoja-asetus nuorisotyön näkökulmasta
EU:n yleinen tietosuoja-asetus nuorisotyön näkökulmastaEU:n yleinen tietosuoja-asetus nuorisotyön näkökulmasta
EU:n yleinen tietosuoja-asetus nuorisotyön näkökulmastaHarto Pönkä
 
Data Privacy
Data PrivacyData Privacy
Data PrivacyHome
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Financial Poise
 
Privacy Breaches In Canada It.Can May 1 2009
Privacy Breaches In Canada It.Can May 1 2009Privacy Breaches In Canada It.Can May 1 2009
Privacy Breaches In Canada It.Can May 1 2009canadianlawyer
 

More Related Content

What's hot

Data Privacy and the GDPR
Data Privacy and the GDPRData Privacy and the GDPR
Data Privacy and the GDPRDemandbase
 
Cyber security and prevention in Bangladesh
Cyber security and prevention in BangladeshCyber security and prevention in Bangladesh
Cyber security and prevention in BangladeshRabita Rejwana
 
Data Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive dataData Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive dataOpenAIRE
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) Kimberly Simon MBA
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Actmrmwood
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overviewJane Lambert
 
Research on Digital Security Act 2018
Research on Digital Security Act 2018Research on Digital Security Act 2018
Research on Digital Security Act 2018Nilima Tariq
 
Introduction to data protection
Introduction to data protectionIntroduction to data protection
Introduction to data protectionRachel Aldighieri
 
DN18 | Making Personal Genomics Transparent, Secure and Equitable | Dennis Gr...
DN18 | Making Personal Genomics Transparent, Secure and Equitable | Dennis Gr...DN18 | Making Personal Genomics Transparent, Secure and Equitable | Dennis Gr...
DN18 | Making Personal Genomics Transparent, Secure and Equitable | Dennis Gr...Dataconomy Media
 
Uses of magnetic stripe cards
Uses of magnetic stripe cardsUses of magnetic stripe cards
Uses of magnetic stripe cardsAllan Hall
 
EU:n yleinen tietosuoja-asetus nuorisotyön näkökulmasta
EU:n yleinen tietosuoja-asetus nuorisotyön näkökulmastaEU:n yleinen tietosuoja-asetus nuorisotyön näkökulmasta
EU:n yleinen tietosuoja-asetus nuorisotyön näkökulmastaHarto Pönkä
 
Data Privacy
Data PrivacyData Privacy
Data PrivacyHome
 

What's hot (20)

What about GDPR?
What about GDPR?What about GDPR?
What about GDPR?
 
Data Privacy and the GDPR
Data Privacy and the GDPRData Privacy and the GDPR
Data Privacy and the GDPR
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographic
 
Cyber security and prevention in Bangladesh
Cyber security and prevention in BangladeshCyber security and prevention in Bangladesh
Cyber security and prevention in Bangladesh
 
Data Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive dataData Processing - data privacy and sensitive data
Data Processing - data privacy and sensitive data
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR Demystified
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overview
 
Research on Digital Security Act 2018
Research on Digital Security Act 2018Research on Digital Security Act 2018
Research on Digital Security Act 2018
 
Introduction to data protection
Introduction to data protectionIntroduction to data protection
Introduction to data protection
 
DN18 | Making Personal Genomics Transparent, Secure and Equitable | Dennis Gr...
DN18 | Making Personal Genomics Transparent, Secure and Equitable | Dennis Gr...DN18 | Making Personal Genomics Transparent, Secure and Equitable | Dennis Gr...
DN18 | Making Personal Genomics Transparent, Secure and Equitable | Dennis Gr...
 
GDPR Presentation
GDPR PresentationGDPR Presentation
GDPR Presentation
 
Uses of magnetic stripe cards
Uses of magnetic stripe cardsUses of magnetic stripe cards
Uses of magnetic stripe cards
 
EU:n yleinen tietosuoja-asetus nuorisotyön näkökulmasta
EU:n yleinen tietosuoja-asetus nuorisotyön näkökulmastaEU:n yleinen tietosuoja-asetus nuorisotyön näkökulmasta
EU:n yleinen tietosuoja-asetus nuorisotyön näkökulmasta
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
 

Similar to US Data Privacy Laws: Legal and Marketing Professionals’ Views

Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Financial Poise
 
Privacy Breaches In Canada It.Can May 1 2009
Privacy Breaches In Canada It.Can May 1 2009Privacy Breaches In Canada It.Can May 1 2009
Privacy Breaches In Canada It.Can May 1 2009canadianlawyer
 
U.S. Data Privacy Report - Patchy preparation for GDPR shows U.S. businesses ...
U.S. Data Privacy Report - Patchy preparation for GDPR shows U.S. businesses ...U.S. Data Privacy Report - Patchy preparation for GDPR shows U.S. businesses ...
U.S. Data Privacy Report - Patchy preparation for GDPR shows U.S. businesses ...Ebiquity
 
I’m attaching some info on the agency I work for. I work remot.docx
I’m attaching some info on the agency I work for. I work remot.docxI’m attaching some info on the agency I work for. I work remot.docx
I’m attaching some info on the agency I work for. I work remot.docxdonnajames55
 
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy ComplianceCorporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy ComplianceFinancial Poise
 
Carpe Datum! Who knows who you are?
Carpe Datum! Who knows who you are?Carpe Datum! Who knows who you are?
Carpe Datum! Who knows who you are?Kuliza Technologies
 
Sovereignty: the state of data
Sovereignty: the state of dataSovereignty: the state of data
Sovereignty: the state of datadan hyde
 
Actiance whitepaper-social-media-legal-issues-canada
Actiance whitepaper-social-media-legal-issues-canadaActiance whitepaper-social-media-legal-issues-canada
Actiance whitepaper-social-media-legal-issues-canadashibrah76
 
Is More Data Always Better? The Legal Risks of Data Collection, Storage and U...
Is More Data Always Better? The Legal Risks of Data Collection, Storage and U...Is More Data Always Better? The Legal Risks of Data Collection, Storage and U...
Is More Data Always Better? The Legal Risks of Data Collection, Storage and U...Vivastream
 
Is More Data Always Better The Legal Risks of Data Collection, Storage and Us...
Is More Data Always Better The Legal Risks of Data Collection, Storage and Us...Is More Data Always Better The Legal Risks of Data Collection, Storage and Us...
Is More Data Always Better The Legal Risks of Data Collection, Storage and Us...Vivastream
 
Challenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoChallenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoJoel A. Gómez Treviño
 
Data Mining: Privacy and Concerns
Data Mining: Privacy and ConcernsData Mining: Privacy and Concerns
Data Mining: Privacy and ConcernsBradley Buchanan
 
DATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERDATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERYashiVaidya
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer PrivacyAshish Jain
 
2008 12 08 2008 Privacy
2008 12 08 2008 Privacy2008 12 08 2008 Privacy
2008 12 08 2008 PrivacyLance Hoffman
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxadampcarr67227
 
Presentation Yun Li
Presentation Yun LiPresentation Yun Li
Presentation Yun LiYunLi
 
Presentation Y U N L I
Presentation Y U N L IPresentation Y U N L I
Presentation Y U N L IYunLi
 
Presentation Yun Li
Presentation Yun LiPresentation Yun Li
Presentation Yun LiYunLi
 

Similar to US Data Privacy Laws: Legal and Marketing Professionals’ Views (20)

Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
 
Privacy Breaches In Canada It.Can May 1 2009
Privacy Breaches In Canada It.Can May 1 2009Privacy Breaches In Canada It.Can May 1 2009
Privacy Breaches In Canada It.Can May 1 2009
 
U.S. Data Privacy Report - Patchy preparation for GDPR shows U.S. businesses ...
U.S. Data Privacy Report - Patchy preparation for GDPR shows U.S. businesses ...U.S. Data Privacy Report - Patchy preparation for GDPR shows U.S. businesses ...
U.S. Data Privacy Report - Patchy preparation for GDPR shows U.S. businesses ...
 
I’m attaching some info on the agency I work for. I work remot.docx
I’m attaching some info on the agency I work for. I work remot.docxI’m attaching some info on the agency I work for. I work remot.docx
I’m attaching some info on the agency I work for. I work remot.docx
 
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy ComplianceCorporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
 
Carpe Datum! Who knows who you are?
Carpe Datum! Who knows who you are?Carpe Datum! Who knows who you are?
Carpe Datum! Who knows who you are?
 
Sovereignty: the state of data
Sovereignty: the state of dataSovereignty: the state of data
Sovereignty: the state of data
 
Actiance whitepaper-social-media-legal-issues-canada
Actiance whitepaper-social-media-legal-issues-canadaActiance whitepaper-social-media-legal-issues-canada
Actiance whitepaper-social-media-legal-issues-canada
 
Is More Data Always Better? The Legal Risks of Data Collection, Storage and U...
Is More Data Always Better? The Legal Risks of Data Collection, Storage and U...Is More Data Always Better? The Legal Risks of Data Collection, Storage and U...
Is More Data Always Better? The Legal Risks of Data Collection, Storage and U...
 
Is More Data Always Better The Legal Risks of Data Collection, Storage and Us...
Is More Data Always Better The Legal Risks of Data Collection, Storage and Us...Is More Data Always Better The Legal Risks of Data Collection, Storage and Us...
Is More Data Always Better The Legal Risks of Data Collection, Storage and Us...
 
Challenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in MexicoChallenges to Achieve Privacy for Online Consumers in Mexico
Challenges to Achieve Privacy for Online Consumers in Mexico
 
Data Mining: Privacy and Concerns
Data Mining: Privacy and ConcernsData Mining: Privacy and Concerns
Data Mining: Privacy and Concerns
 
DATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPERDATA SAFEGUARD INC.- WHITE PAPER
DATA SAFEGUARD INC.- WHITE PAPER
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer Privacy
 
2008 12 08 2008 Privacy
2008 12 08 2008 Privacy2008 12 08 2008 Privacy
2008 12 08 2008 Privacy
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
 
Data Privacy Compliance
Data Privacy ComplianceData Privacy Compliance
Data Privacy Compliance
 
Presentation Yun Li
Presentation Yun LiPresentation Yun Li
Presentation Yun Li
 
Presentation Y U N L I
Presentation Y U N L IPresentation Y U N L I
Presentation Y U N L I
 
Presentation Yun Li
Presentation Yun LiPresentation Yun Li
Presentation Yun Li
 

More from IDG Connect

Are you concerned about your online identity?
Are you concerned about your online identity? Are you concerned about your online identity?
Are you concerned about your online identity? IDG Connect
 
Bullying Amongst IT Professionals
Bullying Amongst IT Professionals Bullying Amongst IT Professionals
Bullying Amongst IT Professionals IDG Connect
 
InfoShot: Smartphones Dial Up The World
InfoShot: Smartphones Dial Up The WorldInfoShot: Smartphones Dial Up The World
InfoShot: Smartphones Dial Up The WorldIDG Connect
 
Infoshot: Diversity in Tech Firms
Infoshot: Diversity in Tech FirmsInfoshot: Diversity in Tech Firms
Infoshot: Diversity in Tech FirmsIDG Connect
 
Info shot which is the biggest online time-waster
Info shot which is the biggest online time-wasterInfo shot which is the biggest online time-waster
Info shot which is the biggest online time-wasterIDG Connect
 
Bullying: The Uncomfortable Truth About IT
Bullying: The Uncomfortable Truth About IT Bullying: The Uncomfortable Truth About IT
Bullying: The Uncomfortable Truth About IT IDG Connect
 
State of Hybrid Cloud
State of Hybrid Cloud State of Hybrid Cloud
State of Hybrid Cloud IDG Connect
 
Security in the Hybrid Cloud Now and in 2016
Security in the Hybrid Cloud Now and in 2016 Security in the Hybrid Cloud Now and in 2016
Security in the Hybrid Cloud Now and in 2016 IDG Connect
 
Cyber Security Regulations in Europe
Cyber Security Regulations in EuropeCyber Security Regulations in Europe
Cyber Security Regulations in EuropeIDG Connect
 
OpenStack: The Platform of Choice for Cloud [Infographic]
OpenStack: The Platform of Choice for Cloud [Infographic]OpenStack: The Platform of Choice for Cloud [Infographic]
OpenStack: The Platform of Choice for Cloud [Infographic]IDG Connect
 
Digital Maturity in the Financial Sector
Digital Maturity in the Financial Sector Digital Maturity in the Financial Sector
Digital Maturity in the Financial Sector IDG Connect
 
Desktop as a Service Infographic
Desktop as a Service Infographic Desktop as a Service Infographic
Desktop as a Service Infographic IDG Connect
 
20 Red Hot, Pre-IPO Companies in 2015 B2B Tech
20 Red Hot, Pre-IPO Companies in 2015 B2B Tech20 Red Hot, Pre-IPO Companies in 2015 B2B Tech
20 Red Hot, Pre-IPO Companies in 2015 B2B TechIDG Connect
 
20 Red Hot, Pre-IPO Companies in 2014 B2B Tech
20 Red Hot, Pre-IPO Companies in 2014 B2B Tech20 Red Hot, Pre-IPO Companies in 2014 B2B Tech
20 Red Hot, Pre-IPO Companies in 2014 B2B TechIDG Connect
 
Oracle connect zone case study
Oracle connect zone case studyOracle connect zone case study
Oracle connect zone case studyIDG Connect
 
Ethiopian Business
Ethiopian BusinessEthiopian Business
Ethiopian BusinessIDG Connect
 
Healthcare Report: Robots, Tablets & Social Media
Healthcare Report: Robots, Tablets & Social MediaHealthcare Report: Robots, Tablets & Social Media
Healthcare Report: Robots, Tablets & Social MediaIDG Connect
 
Global big data final
Global big data finalGlobal big data final
Global big data finalIDG Connect
 

More from IDG Connect (20)

Are you concerned about your online identity?
Are you concerned about your online identity? Are you concerned about your online identity?
Are you concerned about your online identity?
 
Bullying Amongst IT Professionals
Bullying Amongst IT Professionals Bullying Amongst IT Professionals
Bullying Amongst IT Professionals
 
InfoShot: Smartphones Dial Up The World
InfoShot: Smartphones Dial Up The WorldInfoShot: Smartphones Dial Up The World
InfoShot: Smartphones Dial Up The World
 
Infoshot: Diversity in Tech Firms
Infoshot: Diversity in Tech FirmsInfoshot: Diversity in Tech Firms
Infoshot: Diversity in Tech Firms
 
Info shot which is the biggest online time-waster
Info shot which is the biggest online time-wasterInfo shot which is the biggest online time-waster
Info shot which is the biggest online time-waster
 
Bullying: The Uncomfortable Truth About IT
Bullying: The Uncomfortable Truth About IT Bullying: The Uncomfortable Truth About IT
Bullying: The Uncomfortable Truth About IT
 
State of Hybrid Cloud
State of Hybrid Cloud State of Hybrid Cloud
State of Hybrid Cloud
 
Security in the Hybrid Cloud Now and in 2016
Security in the Hybrid Cloud Now and in 2016 Security in the Hybrid Cloud Now and in 2016
Security in the Hybrid Cloud Now and in 2016
 
Cyber Security Regulations in Europe
Cyber Security Regulations in EuropeCyber Security Regulations in Europe
Cyber Security Regulations in Europe
 
OpenStack: The Platform of Choice for Cloud [Infographic]
OpenStack: The Platform of Choice for Cloud [Infographic]OpenStack: The Platform of Choice for Cloud [Infographic]
OpenStack: The Platform of Choice for Cloud [Infographic]
 
Digital Maturity in the Financial Sector
Digital Maturity in the Financial Sector Digital Maturity in the Financial Sector
Digital Maturity in the Financial Sector
 
Desktop as a Service Infographic
Desktop as a Service Infographic Desktop as a Service Infographic
Desktop as a Service Infographic
 
20 Red Hot, Pre-IPO Companies in 2015 B2B Tech
20 Red Hot, Pre-IPO Companies in 2015 B2B Tech20 Red Hot, Pre-IPO Companies in 2015 B2B Tech
20 Red Hot, Pre-IPO Companies in 2015 B2B Tech
 
20 Red Hot, Pre-IPO Companies in 2014 B2B Tech
20 Red Hot, Pre-IPO Companies in 2014 B2B Tech20 Red Hot, Pre-IPO Companies in 2014 B2B Tech
20 Red Hot, Pre-IPO Companies in 2014 B2B Tech
 
Green IT
Green ITGreen IT
Green IT
 
Oracle connect zone case study
Oracle connect zone case studyOracle connect zone case study
Oracle connect zone case study
 
Ethiopian Business
Ethiopian BusinessEthiopian Business
Ethiopian Business
 
Healthcare Report: Robots, Tablets & Social Media
Healthcare Report: Robots, Tablets & Social MediaHealthcare Report: Robots, Tablets & Social Media
Healthcare Report: Robots, Tablets & Social Media
 
Global big data final
Global big data finalGlobal big data final
Global big data final
 
Women in IT
Women in ITWomen in IT
Women in IT
 

Recently uploaded

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 

US Data Privacy Laws: Legal and Marketing Professionals’ Views

  • 1. Research Paper May 2013 IDG Connect has produced new research based on marketing and legal professionals’ views of data privacy laws in the US. This sets out to address how the two groups feel about the current state of data privacy legislation and whether there is a disconnect between the two departments. US Data Privacy Laws: Legal and Marketing Professionals’ Views
  • 2. 2 Contents US Data Privacy Laws US Data Privacy Laws 3 A Mess of Legislation 4 Legal Professionals vs. Marketers 5 US vs. EU 7 Conclusion 8
  • 3. 3 US Data Privacy Laws 19% 67% 14% The last few years have seen a surge in the volume of data that organizations hold on individuals, and now, the way marketers communicate with their lists is often subject to legislation. This means marketing and legal departments have to work closer than ever before. However, beyond this, privacy is an issue that impacts everyone. And most people have a personal opinion on the kind of information that many companies own about them. In a bid to explore this further, IDG Connect has produced new research on marketers’ and legal professionals’ views of data privacy. This sets out to address how these groups feel about the current state of data privacy and whether there is a disconnect between the two departments. “Now that modern devices afford abundant opportunities for the perpetration of such [privacy] wrongs without any participation by the injured party, the protection granted by the law must be placed upon a broader foundation.” (Warren & Brandeis, 1890) These words may be over a hundred years old, but they are as true today as when first written, and with the orientation vote imminent in the LIBE on Europe’s General Data Protection Regulation, the United States’ patchwork of data privacy laws has come under renewed scrutiny. Warren and Brandeis’ hallmark article in the Harvard Law Review in 1890 is generally considered to be the basis for establishing the right to privacy as a tradition of common law. Thanks to technological advances, the “right to be let alone” has had to expand considerably and countries all over the world now specific legislation addressing the privacy of data. But do data privacy laws in the United States go far enough? Our survey of 40 legal professionals and marketers across the US showed that an overwhelming majority (81%) of those we asked either didn’t think US privacy laws were sufficient, or didn’t know for sure. One respondent went so far as to claim, “I don’t believe there is any privacy… Companies and individuals are being hacked at an alarming rate even with all the protection they think they have so there is little to no privacy or safety there.” Only 19% of legal professionals and marketers that we surveyed felt that US privacy laws go far enough, and those that did tended to be much more succinct with their comments: “I feel the laws are sufficient.” US Data Privacy Laws: Legal and Marketing Professionals’ Views Do you think US data privacy laws go far enough? Yes No Don’t know 19% 14% 67% 50% 40% 30% 20% 10% 0% 80% 70% 60%
  • 4. 4 US Data Privacy Laws Interestingly, the two industries shared remarkably similar views, with only 18% of marketers and 20% of legal professionals agreeing that current US data privacy laws are adequate. This seems to be supported by our findings that a significant proportion (17%) of marketers do not consider themselves “extremely impacted” by data privacy issues – perhaps if they were, data privacy laws would be considered more effective? As one marketer put it: “If the consumer only knew the practices of some business – from marketers to businesses in the information collection business – there would be outrage.” In the course of this report we will outline current US data privacy laws and present our research into the opinions of legal and marketing professionals in an effort to discover whether US data privacy laws really are sufficient. A Mess of Legislation Unlike almost every country in Europe and most of Latin America, Asia and Africa, the United States doesn’t have a single, comprehensive law on data protection and privacy. Instead, the country relies on a combination of federal and state laws and regulations, and self-regulation. But while companies can be penalized by the FTC for violating their privacy notices, violation is unlikely since the privacy notices are written by the companies themselves. Privacy legislation in the US has often been adopted on an ad hoc basis: new legislation arises as its required (the Video Privacy Protection Act of 1988, the Cable Television Protection and Competition Act of 1992); different legislation exists for different industries (the Health Insurance Portability and Accountability Act (HIPAA), the Fair Credit Reporting Act (FCRA)); and there’s separate legislation covering data held by the government (the Privacy Act of 1974, the Computer Security Act of 1987). Many of the federal laws are specifically designed to protect personal data held by the federal authorities and, as such, don’t have any authority over data collected, held, or used by non-government bodies. This system appears to be geared towards a different world, because today, the big worry for individuals is the information that search engines and online companies like Google, Amazon and Facebook hold. Indeed, one respondent in the legal industry commented that, “personal data is a valuable commodity… the only way many companies (e.g. Facebook) will ‘do the right thing’ with regard to personal data is if the government puts laws in place requiring them to do so”. The key piece of data legislation in the US is the Privacy Act of 1974, which specifically governs the collection, maintenance and use of personal data held by federal agencies. The regulations cover disclosure, access, and amendment of data by an individual, as well as establishing a code of ‘fair information practices’. Disclosure of information is prohibited without the written consent of the individual, except in the case of twelve statutory exceptions; individuals must be granted access to their records; and given the opportunity to amend those records if they can prove them inaccurate or irrelevant. In 1988, the Privacy Act was amended to include The Computer Matching and Privacy Protection Act, with further amendments in 1990. The amendment improved protections for individuals whose records are used in automated matching programs by requiring a standardized procedure in carrying out matching programs; due process in order to protect subjects’ rights; and the establishment of Data Integrity Boards at each matching agency to supervise matching programs.
  • 5. 5 US Data Privacy Laws As with many of the federal privacy laws in the United States, the Privacy Act only applies to records held by an “agency”, meaning that any records held by non-agency entities are not covered. While there’s a plethora of laws in the US that cover data privacy, the lack of a cohesive privacy law is seen by some as inadequate, as one legal professional put it, “US law is very limited and narrow in scope. There are many gaps where there is not law and many others where the law is uncertain.” Legal Professionals vs. Marketers: Professional and Personal Opinions We surveyed 40 legal and marketing professionals in the United States to find out whether they think current US data privacy laws are sufficient. The results were similar across the two professions, with just 18% of marketers and 20% of legal professionals of the opinion that privacy laws as they stand are adequate. The overwhelming majority of marketers (72%) thought that data privacy laws in the US do not go far enough; 50% of legal professionals agreed with this response, while 30% weren’t sure. Some of those we surveyed openly admitted to not being sufficiently versed in US Privacy laws – “Not educated on the topic”. Do you think US data privacy laws go far enough? Marketers are well-known for using personal data in their professional lives, but do their personal and professional views on data privacy laws differ? Would you expect more conflict from a marketing professional than a legal professional? We found that the response from legal professionals was quite close, with 60% of respondents saying they didn’t feel there was a conflict between their personal views and professional experiences when it comes to data privacy. We were surprised that the majority of marketers also responded in the negative (53% felt no conflict). However, one marketer was particularly strident in her view of their fellow marketers: “When it comes to business many, such as myself, will go above and beyond what is necessary to stay in compliance, but at the same time I find competitors take advantage of the weak, crossing the line in the sand which should be well established.” Is there ever a conflict between your personal views and professional experiences when it comes to data privacy? Legal Marketers 20% 18% 50% 30% 72% 10% Don’t Know No Yes No Yes 40% 60% 47% 53% Legal Marketers 0% 20% 40% 60% 80% 100%
  • 6. 6 US Data Privacy Laws The responses of both legal professionals and marketers were varied when asked how they were impacted professionally and personally by data privacy issues. Our legal professionals were those most strongly impacted professionally by data privacy issues, with half of respondents saying they were “extremely impacted”. The majority of marketers (60%) however, took a middle-of-the-road view of any professional impact. Neither industry seemed significantly impacted personally by data privacy issues, with just 33% of legal professionals and 20% of marketers claiming to be “extremely impacted”. However, this may be a simple case of being unaware of any issues – as one legal professional commented, “I don’t know if my data privacy has ever been compromised.” How impacted are you professionally by data privacy issues? How impacted are you personally by data privacy issues? The sufficiency of US data privacy laws for some respondents however, is not the main issue – the government that makes the laws is. One marketer explained, “Ironically, I find the US government is one of the worst violators when it comes to privacy and collection of information”, while another held both the government and businesses to account, saying, “Too much snooping by the government, not enough honesty and transparency by businesses”. Others believe that the government should stay out of data privacy all together, since it is down to the individual to protect their own data. Law enforcement was also accused of sidestepping privacy laws: “There are still too many people than can just say, ‘I want this data, turn it over.’ Even if they are law enforcement, they still need a warrant and a good reason, not just ‘I think this person did something and I want to see what’.” Not at all impacted Somewhat impacted Very impacted Extremely impacted Neither impacted nor unimpacted Not at all impacted Somewhat impacted Very impacted Extremely impacted Neither impacted nor unimpacted Legal Marketers 50% 40% 30% 20% 10% 0% 40% 30% 20% 10% 0%
  • 7. 7 US Data Privacy Laws US vs. EU: What Do the Differences Mean for Privacy? Unlike the US, every country in the European Union adheres to the Data Protection Directive, a set of laws that protect an individual’s privacy, and give them the means to take action if that privacy is violated. Furthermore, EU citizens’ data is protected regardless of the industry, unlike in the US where a patient could sue their doctor for revealing personal information, but couldn’t sue a website for revealing the same information. Despite this however, some of our respondents are happy with the US’ current laws, with one saying, “I think US laws protect individuals sufficiently. I don’t think the extra protection provided by the EU translate into *better* protection”. Debate has been raging on both sides of the Atlantic over the sufficiency of privacy laws in light of proposals currently before the European Parliament for the General Data Protection Regulation (GDPR). The GDPR will replace the current EU Data Protection Directive that doesn’t take into account the effects of globalization and technological developments like social networks and cloud computing. The new legislation will not be limited to countries within the EU, but will also apply to all US companies processing the data of European residents. If accepted, the law will prevent web businesses from performing basic collecting and profiling unless an individual gives their explicit consent. This will be a serious change because additionally, businesses will have to permanently delete personal information upon request, with the potential of a fine of up to 2% of their annual sales for not complying. The proposals are currently under consideration by the European Parliament, with adoption expected in 2014 provided that the provisions are agreed upon. The outcome of the parliamentary debate will be critical to technology companies in the US, since a third or more of their sales can be generated in the European Union. The debate over the GDPR is not the first US-EU conflict over privacy and protection laws. When the EU Data Protection Directive was passed, it in theory prohibited the transfer of personal information from the EU to the US because the US does not have equivalent privacy protection in place. This is where the Safe Harbour framework came in. Described by Google as “a robust and highly successful privacy framework that has benefited consumers and our economies over many years”, the US-EU Safe Harbor Agreement is designed to prevent the accidental loss or disclosure of information by enforcing adherence by US companies to seven principles. However, with Europe considering its new privacy policy, the US has raised concerns over what will happen to the Safe Harbour Framework and what effect it will have on businesses. The Department of Commerce has announced clarifications regarding the US-EU Safe Harbor Framework and Cloud Computing that state as an officially recognised mechanism, approved by the European Commission, the Framework cannot be dismissed by the EU regulators. This may bring relief to those US companies that will be affected in a change in EU data privacy law, but is it the end of the matter? The Framework may be safe from complete elimination, but the European Commission is likely to reopen discussions about its content so they will more closely match the new legislation.
  • 8. 8 US Data Privacy Laws Conclusion So what does the future hold for US privacy law? With the GDPR due for adoption next year, many companies in the United States are worried about the impact the stricter data privacy legislation will have on their business. But is stricter legislation necessarily better? While 81% of our respondents don’t think so, some do, with one respondent going so far as to say that the laws themselves aren’t the problem – “it’s that the average consumer isn’t aware of concerned as they should be. We need to raise consciousness to the problems and issues”. So is that the simple solution – better privacy education? Given the speed of technological innovation this seems reasonable, after all, how can the law ever keep up with the speed of tech? About IDG Connect IDG Connect, a division of International Data Group (IDG), the world’s largest technology media company, produces, publishes and distributes local IT and business information on behalf of a truly global client base. Established in 2005, we have a fully nurtured audience of 2.6 million professional decision-makers from 130 countries, and an extended reach of 38 million names. This lets us conduct research, create independent analysis and opinion articles, and drive long-term engagement between professionals and B2B marketers worldwide. For more information visit www.idgconnectmarketers.com