What You Need to Know Now About Privacy Laws for Your Online Business

Beginning March 1, 2010, many online businesses will face a paradigm shift in data security requirements. This is because the Massachusetts legislature has enacted the strictest and most far-reaching data security regulations for any person or business that owns or licenses “personal information” of a Massachusetts resident. Even California business owners should pay close attention to the data security laws of other states, because as your business grows and begins to operate on a nationwide or even worldwide level, the laws of far-away jurisdictions can apply to your operations.
Your online business must comply with both federal privacy laws and the privacy laws of any given state if you have come to possess, own, or license the “personal information” of any resident of that state. Complying with federal law is comparatively simple in that the law is uniform across the nation. The general rule of thumb for complying with federal privacy law is that you had better uphold the promises and obligations in your online Privacy Policy. See 15 USC § 45a.
Complying with state law, by contrast, can be mind-numbingly confusing because your nationwide online business must comply with 50 separate statutory schemes. The easiest solution for many businesses is to identify the state with the strictest privacy laws, and make sure to abide by those laws. Beginning March 1, 2010, that state will be Massachusetts when 201 CMR 17.00 (http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf) goes into effect.
Many states, including California (http://www.docstoc.com/docs/24306397/California-Business-and-Professions-Code-Sections-22575-22579), require that you post a privacy policy and comply with it, and that your business disclose a breach in security (http://codes.lp.findlaw.com/cacode/CIV/5/d3/4/1.81/s1798.82) if one occurs. Nevada (http://www.leg.state.nv.us/NRs/NRS-597.html) takes a slightly stricter approach insofar as your business must have certain encryption procedures for the transmission of personal information of Nevada residents. See NRS 597.970. Massachusetts has far surpassed Nevada insofar as your business must comply with detailed and comprehensive data security requirements including, but not limited to, 1) comprehensive data security systems with encryption and restricted access; 2) comprehensive monitoring and maintenance protocols for these systems; and 3) comprehensive employment policies and procedures relating to data security.

The Law Offices of Aaron J. Stewart can help your online business develop and implement a privacy policy that protects you and your customers, and complies with all applicable laws and regulations! Please contact us at info@chicolawfirm.com for more information.