1. What is a data protection policy?
A data protection policy covers data held electronically and offline or online, irrespective of where the data is stored. It secures and protects user data that is stored, consumed, and managed by an organization or website, and aims to create more consistent protection of consumer and personal data across websites.
It is an agreement between a company or organization and its users that explains what kind of data will be gathered from them and how the organization will use it. It is also a promise to keep the user data safe.
Common user information protected under a privacy policy:
Names
Addresses
Emails
Telephone numbers
Bank and credit card details
Health information
2. Why is a privacy policy required for a website?
i. In some countries a privacy policy is legally mandatory.
ii. All personal data must be stored and handled according to legal guidelines.
iii. The collected data should be used for the declared purpose only.
iv. The organization is responsible for following the privacy policy guidelines.
v. Users should know their rights related to their personal data.
vi. To avoid misuse of the user's personal data.
vii. Users should be informed if their data is shared with a third-party organization.
viii. The organization has to declare the purpose for which it collects data.
4. What are the different data protection laws in the US/UK?
a. HIPAA (US) – Health Insurance Portability and Accountability Act – This law protects an individual's health information.
b. FCRA (US) – Fair Credit Reporting Act – This law helps users opt out of unwanted credit offers and obtain a free annual credit report.
c. ECPA (US) – Electronic Communications Privacy Act – This act prohibits third parties from intercepting or disclosing communications without authorization.
d. GDPR (UK) – The General Data Protection Regulation requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.
5. Difference between GDPR and HIPAA
GDPR covers citizens of the EU, while HIPAA is restricted to American citizens and healthcare organizations. But what happens when a citizen of one of these jurisdictions visits a third country, such as India, for health care? In that scenario GDPR can still apply, because it is a consumer-centric regulation: any organization anywhere in the world must adhere to its requirements when it handles data pertaining to EU citizens. HIPAA, on the other hand, is an organization-centric regulation, and data handled by organizations outside the US does not come under its purview.