Mark Grossman

It's All About Privacy Laws

29 November 2001

These days it's easy to become distracted. We're all doing our best to restart our stalling economy, while simultaneously managing our day-to-day affairs.

In the meantime, however, legislation is being passed around us that may affect the way your company conducts its business online. If you're not careful, while you're busy doing other things, your business might unknowingly violate some of these laws. For example, if either of the following two names sounds familiar to you, raise your hand: The Gramm-Leach-Bliley Act, and the Health Insurance Portability and Accountability Act of 1996. These are just two of the many laws that have kicked into high gear over the past few months, either of which could seriously impact your online company.

Privacy is in many ways the No. 1 issue affecting the Internet. Unfortunately, from a legal perspective, it's still tough to tackle. We all want to do everything online, but we're not quite ready to give up all of our personal information or privacy rights to do it. We want the government to take a hands-off approach to governing the Internet, while at the same time we clamor for laws that punish those who steal our sensitive information using the ubiquitous resources of the Web.

Congress has tried to deal with online privacy through various pieces of legislation. From a business perspective, trying to keep tabs on Congress' love/hate relationship with e-privacy rules has driven more than one CEO to therapy. Although much of what is proposed never becomes law, some e-privacy rules have survived congressional roadblocks and presidential vetoes. The Gramm-Leach-Bliley Act is one such law.

Financial Privacy

Named after its congressional co-sponsors, the Gramm-Leach-Bliley Act (or GLB Act) requires companies that collect financial information, such as federal and state banks, financial brokers, and insurance brokers, to comply with strict guidelines concerning what they can (and can't) do with their clients' nonpublic financial information. The long arm of the GLB Act applies to all nonpublic financial information obtained by financial institutions about their customers, no matter how they got it.

This is a fancy way of saying that if you collect financial information about your clients, there's a good chance that your ability to share that information with other businesses is severely limited. Depending on the type of information you collect, you may have to obtain your clients' permission before sharing any of their financial information with your affiliates or any other third parties.

July 1 was the deadline for compliance with many of the GLB Act's privacy and security provisions. So, if you haven't checked in with your tech attorney in the past year or two, you might have blown right by the compliance deadlines without even realizing it. If you think you might be in violation of the Act, then run--don't walk--to your attorney's office. The penalties for noncompliance can be hundreds of thousands of dollars, or prison, or both.

Medical Privacy

The only thing we value more than our financial privacy is our medical privacy. After all, you'd probably rather have your stock portfolio disclosed than have some stranger discover that you have to apply an ointment to your "affected area" twice a day.

Enter the Health Insurance Portability and Accountability Act of 1996, or HIPAA. Originally designed to help employees with pre-existing medical conditions get into certain group health plans, HIPAA has evolved into a maze of e-privacy regulations that seeks to protect our medical records. Although it has been around since 1996, many of HIPAA's compliance deadlines are coming due within the next few years.

In short, HIPAA requires health plans, healthcare clearinghouses, and healthcare providers that conduct certain financial and administrative transactions electronically to adhere to certain strict privacy standards. These standards are designed to make sure that your medical information is used only for your own therapeutic purposes, and not to populate the mailing lists of third-party drug providers, marketers or other similar companies. Most immediately affected will be those insurance companies and medical billing companies that conduct part or all of their businesses online, or those companies that transmit patients' medical data to each other over the Internet.

In addition, as physicians move to Web-based billing systems or strive to achieve paperless offices, they too will become increasingly exposed to HIPAA's requirements.

The time is ripe to find out whether your e-business falls under HIPAA's privacy standards. Compliance deadlines are still far enough away to give you time to revamp the way you do things, but close enough to merit your attention sooner rather than later. Keep in mind that, although the privacy deadlines are still a year or two away, like all deadlines you've ever faced, they'll be here before you know it.

As our lives become increasingly complicated, it behooves us to remember that laws related to e-business are being passed and enforced all the time. Take a few minutes to think about how your e-business uses the data it collects, and consider whether your business might be running afoul of recent privacy legislation. If it is, or if you're not sure, then find out immediately and deal with it.

It's All About Privacy Laws is republished from