Saturday, May 8, 2010

More on regulations

Since we are on the topic of new regulations, a new piece of draft legislation was introduced in the US Congress last week. It is meant to protect the privacy of personal information on the Internet. It will have a significant impact on e-commerce businesses and how they collect information, both via logs and cookies. For us as information security practitioners, it will be another piece of legislation to worry about and comply with.


So, what does it say?


The legislation applies to what they call a "covered entity," which refers to a company involved in e-commerce that collects "covered information." "Covered information" includes a first name or initial and last name, a postal address, a telephone number, SSN, financial account number, or an email address. So, what are these e-commerce organizations expected to do?
  • Provide an individual with a privacy notice and an opportunity to opt-out before they may collect, use, or disclose covered information from or about that individual
  • Obtain the opt-in consent of individuals before collecting sensitive information such as medical or financial records
  • Obtain the opt-in consent of individuals before sharing covered information with unaffiliated parties
  • Establish, implement, and maintain appropriate administrative, technical, and physical safeguards to protect covered information

If you are interested in knowing more about this draft legislation, see the link below:
http://www.boucher.house.gov/images/stories/Privacy_Draft_5-10.pdf
