The data and records of customers and citizens of the United States businesses and government must apply increasingly complex laws and regulations to ensure that their information is protected. To ensure that this is done in the correct way, people depend heavily on the private information act.
Accepting the U.S. personal information protection laws is often times difficult because of the amount of laws and regulations that affect and relates to these issues. According to the Identity Theft Resource there were more that 79 million records that were reported compromised in 2007. Due to the increase in data collection and methods that are easier to use to collect this information protecting personal information has become quite a task in businesses and government entities.
There is a growing trust and reliance on computers and similar technologies to make these tasks quicker and to guard private information. People are relying more and more on the Internet to conduct business transactions and other similar activities from home. As such, there is the requirement of doing completing these activities by revealing your personal information to the online sources. This therefore leaves your information to be accessed from culprits without authorization.
Due to the increase in security breaches over the years that involve PII – personally identifiable information, there has been an increased loss in millions of records. These breaches are hazards to both organizations and individuals. The harm that it poses to individuals involves:
- identity theft
The harm that it poses to organizations includes:
- the loss of trust I the eyes of the public
- legal liability
- remediation costs
To protect the confidentiality of PII then it is the responsibility of the organization to take every step necessary. They can do this by:
- creating a full disk encryption, USB,
- creating a policy based email encryption
- getting al antivirus, firewall and applications from one single agent
- use automatic rules such as file matching and content rule
- introduce methods of web control
- enforce methods of web control
- educate users
- create policies regarding the handling of data
Privacy protection laws and Records Management
The public law that was enacted in 1974 as the privacy act was founded by congress that the right to privacy is a personal and fundamental right that is protected by the constitution of the United States. It was recognized that there is a need for privacy of information and this includes all segments of the population. Citizens of the United States are affected by the collection of government data, dissemination and there are a number of privacy laws that speak directly to this sector.
There are different ways that you can be affected by the private information act. Depending on the act, PII can include:
- medical information
- financial information
- political affiliation
- educational records
- social organization affiliation
- video viewing preferences
- religious affiliation
With the need to protect your social security number there is an agreement to the privacy laws. There are at least five federal laws that restrict the use or disclosure of the social security number including the following:
- the fair credit reporting act
- the fair and accurate credit transactions act
- the Graham- LeachBliley Act
- the Drivers Protection Act
- the health insurance portability and accountability act
In a memorandum that was issued in 2007 from the office of management and budget it was noted that it is a requirement for federal agencies to review their social security number in their systems and programs to identify superfluous collection or use of the social security number and to eliminate unnecessary collection and use by mid-2010. To further help with protecting the information of citizens, agencies are required to take part in government-wide efforts so that they can explore alternatives to the SSN as a personal identifier for both federal employees and in federal programs. There are four main categories of privacy. These are:
- Information privacy – this has to do with the constitution of rules that govern the collection and handling of personal information. This includes credit information, government records and medical data.
- Bodily privacy – this has to do with focusing on the physical being of a person and any invasion of this person. This includes conducting genetic testing, drug testing or body cavity searches.
- Territorial privacy – this has to do with enforcing limitations on the ability to trespass into another individual’s environment. This includes being at home. In the workplace, in a public space, and can extend to an international level. Invasion of typically comes in the form of video surveillance, ID checks and use of similar technology and procedures.
- Communication privacy – this includes the protection of the means of correspondence that includes:
- Postal mail
- Conversations via telephone
- Electronic email
- Other forms of communicative behavior and apparatus
It is quite important that companies take privacy laws into mind in the most serious way since it is partly their responsibility to ensure that the information garnered from their customers is safely kept. The onus is also on the customer to take the necessary steps as well to ensure that their information is protected in every way possible. The act is only there as a guideline to help with the protection of the personal information of people but the task must be done by the people who will be most greatly affected in a negative way.