Regulations

The GDPR (General Data Protection Regulation) is a regulation that was created in the European Union and applies to any company that does business in the European Union. Company Regulations

Create and maintain a privacy policy to inform consumers about how companies handle data
Be transparent regarding the communication of the rights of consumers
Companies must provide information about where personal data is collected, and what personal data is explicitly not collected
Show that the consumer has consented to the processing of their data, and make said consumer aware they can withdraw this consent
Communicate the rectification, erasure, or restriction of processing on data

Consumer Rights

Right to obtain the data the company has concerning them
Right to complete incomplete data
Right to restrict processing of data
Right to object to the processing of personal data

Click here to go to the GDPR

HIPAA (The Health Insurance Portability and Accountability Act) is a federal regulation that was signed into effect on August 21, 1996, and applies to specifically electronic patient health information. Company Regulations

Must only share patient health info on a "need-to-know" basis and have procedures in place to limit access to patient health information
Must explicitly state that health information cannot be used or shared without the consumer's written permission unless HIPAA allows it
People are not allowed to look at patient health information unless it is to help with treatment, help with payment, help family members or relatives who are involved in the care, make sure doctors give the best care they can, protect the public health, or make police reports

Consumer Rights

Right to see your health records
Right to have corrections made to your data
Right to receive notice about how your health information is being used or shared
Right to get reports on when and why the health information was shared
Right to give permission before any health information about you can be shared or used for certain purposes

Click here to go to HIPAA Home

COPPA, or the Children's Online Privacy Protection Act, was enacted on October 21, 1988. This act is a federal law that imposes requirements on websites that collect data on children. Company Regulations

It is unlawful to collect and maintain personal information about children
Company must provide notice about what data it collects from children, how it uses the information, how it discloses the information to other parties, and if there are any changes made to the policy for collection, use, or disclosure
The company must obtain parental consent prior to collection, use, or disclosure of personal information from a child
Companies must ensure that there is a means for parents to view the personal information collected and refuse to permit the future use of data
Companies must delete children's personal information after it is no longer necessary to keep, and ensure the confidentiality, security, and integrity of the data collected from children is protected

Consumer Rights

Parents of children have the right to review information provided by their children
Parents can permit the use or future collection of information on their child
Parents can direct data controllers to erase the personal information collected from the child

Click here to go to COPPA

GLBA (The Gramm-leach Bliley Act) was enacted on November 12, 1999 and was an act that reformed the financial services industry by addressing the privacy of consumer personal financial information. Company Regulations

Financial institutions are required to give notice of their privacy policies to their customers annually, before disclosing any financial information to third parties, and must allow the consumers to opt-out from disclosure to the third parties.
Account numbers are not allowed to be shared for marketing purposes
Companies may only obtain financial information legally and are prohibited from obtaining information by false pretenses

Click here to go to GLBA

The CCPA (California Consumer Privacy Act) is a California state statute that was created to improve the privacy rights and consumer protection for residents of California and was enacted on June 28, 2018. Regulations

Right to know what personal information is collected, how it is used, and how it is sold
Right to delete personal information held by businesses and providers
Right to opt out of the sale of their personal information
Right to withdraw consent at any time
People under the age of 16 can only opt in with consent, and children under the age of 13 must have parental permission to opt in
Right to non-discrimination if a customer exercises a privacy right
Businesses are required to provide a "do not sell my info" link and must respond to these requests without delay

Click here to go to CCPA

the CPRA (California Privacy Rights Act) which was enacted on November 3, 2020, builds off of the CPPA. How It Builds Off Of CPPA

Right to deletion now includes notifying third parties that have the shared information and instructing them to comply with the deletion request as well
Right to correction of information
Right to limit the sensitive personal information collected
Right to access their information
Right to opt out
Right to data portability
Consumers can request personal information, collection sources, collection purposes, what third parties have access to their personal information, and information that has been corrected
Businesses must inform consumers about how they collect and use personal information and how they can exercise their rights
Businesses must only collect relevant personal information for legitimate disclosed purposes
Businesses must take precautions to protect consumer's personal information from security breaches

Click here to go to CPRA