used with permission from SBA.gov
For many companies, collecting sensitive consumer and employee information is an essential part of doing business. It is your legal responsibility to take steps to properly secure or dispose of it. Financial data, personal information from children, and material derived from credit reports may raise additional compliance considerations. In addition, you may have legal responsibilities to victims of identity theft.
The Federal Trade Commission (FTC) regulates and oversees business privacy laws and policies that impact consumers. Check out the following guides from more information on how you can ensure you are compliant.
- Protecting Consumer Privacy – In general, your online and offline privacy policy is your company’s pledge to your customers about how you will collect, use, share, and protect the consumer data you collect from them. While not required by law, the FTC prohibits deceptive practices. Learn more in this FTC guide.
- Protecting Children’s Privacy Online – The law sets out specific guidelines about the online collection of personal information from children under 13. Refer to this guide to see if your site is compliant.
- Using and Disposing of Consumer and Employee Credit Reports – Does your business use consumer or credit reports to evaluate customers’ creditworthiness? Do you consult reports when evaluating applications for jobs, leases, and insurance? Learn more about your responsibilities for handling this data.
- Enforcing Data Security and Preventing Identity Theft – If you keep sensitive personal information about customers or employees in your files, you are required to have a sound security plan in place to collect only what you need, keep it safe, and dispose of it securely. Develop your plan with help from this FTC guide.
- Safeguarding Sensitive Financial Data – Do you offer your customers financial products or services, like loans, investment advice, or insurance? Learn how to comply with information-sharing practices to safeguard sensitive data.