Salesforce: Data Protection Laws In USA
US Privacy Law Basics
Privacy is a term related to the protection of information. Privacy laws have been established around the globe to protect information about individuals. Each privacy law determines how it defines the data it seeks to protect. For example, “personally identifiable information” or “personal information” are the terms generally used to define the information covered under US privacy laws, focusing on information that can be used to identify an individual.
A person who can be identified by related information, such as an identification number, name, an online identifier (such as a username), location data, or their physical, genetic, or other identity, is termed a Data Subject or Individual.
Privacy Protections in the United States
In 1965 the US Supreme Court recognised a constitutional right to privacy in Griswold v. Connecticut. Congress further developed the right to privacy in 1974, when the Privacy Act was passed, restricting federal agencies in their collection, use, and disclosure of personal information. With this act, the USA became one of the first countries in the world to adopt a major privacy law. At present, the US has a collection of privacy and data protection laws at the state and federal level. Which of these laws applies depends on the organisation and the information it collects and uses. The US has many different privacy laws because it follows a sectoral approach to privacy regulation.
Some US government agencies enforce privacy laws for specific industries. Beyond industry-specific laws and regulators, the Federal Trade Commission (FTC) has emerged as the primary authority on privacy issues. The FTC was established in 1914 to prevent unfair competition in commerce, and its role expanded to general consumer protection in 1938. The FTC started addressing privacy issues under this authority in the 1990s.
Key Privacy Laws in the US
- Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM)
- Children’s Online Privacy Protection Act (COPPA)
- Electronic Communications Privacy Act (ECPA)
- Fair and Accurate Credit Transactions Act (FACTA) and Fair Credit Reporting Act (FCRA)
- Family Educational Rights and Privacy Act (FERPA)
- Gramm-Leach-Bliley Act (GLBA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Privacy Act
- Telephone Consumer Protection Act (TCPA)
US Privacy Law for the Financial Services Industry
Privacy plays an extremely important role in the financial sector in maintaining a balance between the security and the privacy of an individual. Only the owners of the finances, or those with whom they choose to share their financial standing, should be able to look into their financial health. With a huge focus on this, there are
Some Regulation of the Financial Services Industry
- Consumer reporting agency (CRA)
- Consumer report
- Investigative consumer report
Fair Credit Reporting Act (FCRA) and Fair and Accurate Credit Transactions Act (FACTA)
Fair Credit Reporting Act (FCRA): Federal legislation enacted to promote the accuracy, fairness, and privacy of consumer information contained in the files of consumer reporting agencies. The FCRA regulates the collection, dissemination, and use of consumer information, including consumer credit information. The FCRA was introduced in 1970 and is enforced by the US Federal Trade Commission, the Consumer Financial Protection Bureau, and private litigants.
Fair and Accurate Credit Transactions Act (FACTA): The Fair and Accurate Credit Transactions Act of 2003 (FACTA) is a federal consumer-rights law that amended the Fair Credit Reporting Act of 1970 (FCRA). The primary purpose of FACTA is to reduce the risk of theft by regulating how consumer account information (such as Social Security numbers) is handled.
Gramm-Leach-Bliley Act (GLBA)
Under GLBA, nonpublic personal information is personally identifiable information of a financial nature that meets one of the following criteria:
- It was provided by a consumer to a financial institution
- It resulted from transactions or services performed for the consumer
Examples of nonpublic personal information include:
- Basic contact information
- Social Security number
- Account number
- Application information
- Internet cookie information
- Consumer report information obtained by the financial institution
- Whether a consumer is a customer of the financial institution
New York Department of Financial Services Cybersecurity Regulations
To protect financial institutions and their customers from the growing threat of cyber-attacks, the New York Department of Financial Services (NYDFS) issued its Cybersecurity Regulations in 2017.
The regulations framed by the NYDFS apply to all companies subject to the agency’s authority. It is a requirement that these companies assess their cybersecurity practices and risks, establish a robust cybersecurity program, and report potentially harmful cyber events to the NYDFS.
Companies that follow the NYDFS regulations must have a chief information security officer and other personnel to develop and manage a cybersecurity program. The New York regulations are considered an example of state law filling a gap in the federal privacy laws.
The Salesforce Commitment to Privacy
At Salesforce, trust is a top priority, and they embody that value through their robust security and privacy programs, which are designed to meet the highest standards in the industry. On the security side, Salesforce holds multiple security-related certifications, which are based on the technical, administrative, and physical safeguards it uses to protect the personal information of its customers.
For some of our services, these certifications include:
- The International Organisation for Standardisation (ISO) 27001 and 27018 standards
- The American Institute of CPAs’ (AICPA) System and Organization Controls (SOC) reports
- The Payment Card Industry Data Security Standards (PCI DSS)
- The TÜV Rheinland Certified Cloud Service
- The UK Cyber Essentials Scheme
Certain services also have earned the TRUSTe Certified seal, signifying that the privacy certification organization TRUSTe reviewed our privacy practices and found them to be in compliance with their certification standards.
Thanks For Reading!!