Most businesses are full of secrets, whether it's customers' financial data or employees' health problems. It's good business not to blab people's private affairs, and that also keeps you out of trouble with the law. Federal and state laws set restrictions on loose gossip about health issues, children's personal data and financial information.
If you have a company health plan, the Health Insurance Portability and Accountability Act probably covers it. HIPAA requires you to adopt policies and procedures to keep your employees' medical information private. That includes employees' past, present or future physical or mental health, and the health-care services they've received under the plan. It's not an issue if nobody can identify the employee. If there's a name attached to the data, however, you may be in trouble.
The Genetic Information Nondiscrimination Act forbids businesses from considering the results of genetic tests in employment decisions. It also forbids any organization covered by the act from divulging genetic information about job seekers or employees. Genetic test results have to be kept in a confidential file, separate from other medical data. The law covers employers, unions, employment agencies and apprenticeship programs.
The Children's Online Privacy Protection Act governs data collected online from children under 13. If you know your website collects information from kids, you have to post a policy statement on the site, saying what information you gather and whether you share it with third parties. You have to make a reasonable effort to get parental consent to collect or use the information.
Under the Gramm-Leach-Bliley Financial Modernization Act, financial companies such as banks and credit-card companies have to tell consumers how the company uses financial information. The company's regular customers get a notice automatically every year. The privacy notice is usually sent by mail. Simply posting it on the office wall isn't enough notification to meet the law.
Federal laws are the law everywhere in the United States. On top of that, many states have passed their own privacy laws. The California Reader Privacy Act, for instance, says online booksellers can only disclose information about a customer's reading habits or purchases if the customer approves, or if the data is covered by a search warrant or court order. Connecticut requires any business that collects Social Security numbers to have a policy for protecting the information.