A business, technology, and innovation focused law firm in Dallas, Texas providing patent, trademark, trade dress,
copyright, and trade secret litigation, licensing, prosecution, and other intellectual property counseling
Privacy Policy

Privacy concerns arise in any situation where personal information is collected and stored.  A Privacy Policy should be disclosed to a consumer in a clear and conspicuous manner.  Further, it should be reasonably understandable by the reader and disclose the ways the party gathers, uses, discloses, and manages personal information.

 

The Fair Information Principles, published by the U.S. Federal Trade Commission, provide a set of non-binding governing principles for the commercial use of personal information.  These principles offer guidance to draft policies that encompass existing privacy concerns.  The four critical issues identified in the Fair Information Principles are: (1) notice, meaning that information practices must be disclosed before personal information is collected; (2) choice, meaning that consumers must be given options as to how collected personal information can be used beyond the purpose for which it was provided; (3) access, meaning consumers should be able to check the accuracy and completeness of personal information collected; and (4) security, meaning that reasonable steps must be taken to assure consumers that the personal information collected is secure from unauthorized use.

 

In order to conform with the Fair Information Principles, a Privacy Policy generally includes statements regarding the following: (1) the sources from which personal information is collected; (2) specifically how the collected personal information is used; (3) with whom the collected personal information is shared; (4) an option allowing consumers to opt out of the disclosure of personal information to third parties; and (5) the steps taken to protect the collected personal information.

 

While there is not a single comprehensive body of law that is generally applicable to privacy policies, there are some federal laws which govern Privacy Policies under specific circumstances.  The most notable of these are explained below.

 

The Children’s Online Privacy Protection Act (COPPA) mandates that commercial websites that direct online services to children under 13, or that knowingly collect information from them, inform parents of their information practices and obtain verifiable parental consent before collecting, using, or disclosing personal information from children. In addition to posting a privacy policy, these websites must also adhere to enumerated information-sharing restrictions.

 

The Gramm-Leach-Bliley Act requires institutions significantly engaged in financial activities to provide clear, conspicuous, and accurate statements of their information-sharing practices. The Act also restricts the use and disclosure of financial information to unauthorized third parties.

 

The Health Insurance Portability and Accountability Act (HIPAA) requires notice in writing of the privacy practices of health care services.  HIPAA protects how an individual’s health information is used by organizations and disclosed to others. All health care providers, insurance companies, employer-sponsored health plans and HMOs are covered entities, which must comply with this privacy rule’s guidelines. The covered entities of HIPAA are one of the most extensively regulated niches regarding information privacy.

 

Some states have implemented more stringent regulations for Privacy Policies. For example, California requires "any commercial web sites or online services that collect personal information on California residents through a web site to conspicuously post a Privacy Policy on the site".  Additionally, both Nebraska and Pennsylvania have laws treating misleading statements in Privacy Policies published on Web sites as deceptive or fraudulent business practices.

 

U.S. companies should also be particularly cautious with e-commerce, because the European Union (EU) has far stricter privacy regulations, which can affect U.S. companies. The EU Data Privacy Directive prohibits EU organizations from transferring personal data to countries where privacy protection is not deemed adequate. To prevent the interruption of data transfers from the EU to the U.S., the EU approved a “safe harbor.” The safe harbor permits U.S. companies that voluntarily abide by the safe harbor principles to continue data transfers with the EU member states. U.S. companies within the safe harbor are presumed to provide adequate privacy protection.

 

If you are interested in additional information on the topic of Privacy Policies, or if you have any questions, please contact a K&K attorney.  

 

K&K offers an array of services in the areas of intellectual property including patents, trademarks, copyrights, trade secrets as well as intellectual property litigation and enforcement.  Further information on these and other services is available at www.kk-llp.com

 

 

 


