Exposing Legal Land Mines: Protecting the Privacy and Integrity of E-Records Is a Critical Issue for Information Professionals; Understanding E-Records Laws and Company Policies Can Help. (Legal Watch)
Cogar, Rae N., Information Management
The legal landscape is changing rapidly with the passage of new laws whose intent is to bring technology under control through the legal system. These new laws provide guidance not only on what is considered an electronic record or electronic signature but also on how these technologies should create and maintain data to meet legal evidentiary requirements and ensure its privacy.
The new laws cover a wide variety of complex issues, but there is one that is most important: the privacy of collected information, both on the Internet and within corporate systems. What these laws do not address is the hidden legal menace of spoliation -- the intentional or unintentional destruction of evidence -- that can cause great harm to a business in litigation or in achieving compliance under a regulatory agency.
Companies must be aware that the European Union (E.U.) has stringent privacy rules for data protection and these rules affect companies doing business with E.U. member countries, whether traditionally or over the Internet. In August 2001, a survey of 75 U.S. corporate Web sites found that none measured up to the E.U. standards for ensuring the privacy of customers' personal information.
U.S. regulations ensuring privacy protection are focused in three major areas: information collected from children, financial information, and health information.
Recent studies suggest that companies need to be more attentive to the requirements of COPPA and the consequences of non-compliance. The Center for Media Education issued a report in April 2001 in which 153 Web sites were examined. The majority did not obtain prior parental consent or provide parental notice before collecting personal information from children and did not feature prominent links to their privacy policies as required by COPPA. Violations of COPPA are prosecuted by the FTC under section 5 of the FTC Act as unfair or deceptive trade practices. Penalties may include civil fines up to $11,000 per violation, attorney's fees, and injunctive measures to stop non-compliant practices.
COPPA recognizes a safe harbor, or protection from penalty, for companies that comply with self-regulatory guidelines, which are issued by online businesses and approved by the FTC. …