Privacy Drivers
Even with the relatively pragmatic attitude of most U.S. consumers regarding privacy, there are still many significant laws and regulations affecting organizations. Table 4-1 shows some of the more prominent laws and regulations concerning privacy. In the U.S. and Canada, those laws tend to be limited to specific kinds of organizations (e.g., health care and financial services), but the European Union directive (the one that tripped up GM in its efforts to build an employee phone directory) is extremely far-reaching.
Table 4-1. Some privacy laws and regulations
| Law/regulation | Description |
|---|---|
| Canadian Personal Information Protections and Electronic Documents Act | Applies to employees of firms regulated by the federal government. Recognizes an employee's right to privacy and imposes principles that employers must follow with respect to the personal data of their employees. |
| Customer Identification Program (Patriot Act) | Applies to financial services organizations in the U.S. Requires the collection and storage of customer data and its verification against government-owned lists of known or suspected terrorists. |
| European Data Protection Directive | Applies to organizations operating in the European Union. Imposes wide-ranging obligations regarding the collection, storage, and use of personal information relating to employees and customers. |
| Health Information Portability and Accountability Act (HIPAA) | Applies to any organization that manages health care data in the U.S. ... |