New businesses can find the number of federal laws concerning information technology overwhelming. However, start-ups must understand and adhere to all relevant legislation or risk prosecution, just as more established businesses do. These are just some of the IT laws impacting new businesses in the United States.
The Privacy Act of 1974
The Privacy Act of 1974 governs how businesses can collect, use, and share information about their employees, customers, and business contacts. Simply put, the Privacy Act of 1974 states that no one, including businesses, can disclose facts about another individual without their express permission. As more information moves from paper records to computer files and cloud servers, the Privacy Act of 1974 has become increasingly relevant to all companies’ IT procedures.
The Privacy Act of 1974 looks to balance the government’s need to know information about its people with the population’s right to privacy. It protects the privacy rights of American citizens and aliens living legally in the United States with a view to permanent residency. All personal information kept by agencies in the executive branch of the federal government, including given names, birthdates, social security numbers, financial transactions, and medical and criminal records, is protected by the Privacy Act of 1974.
The Electronic Communications Privacy Act of 1986
Under the Electronic Communications Privacy Act of 1986 (ECPA), no one can intercept “any wire, oral, or electronic communication” without consent. However, there is a “business use” clause all new companies should know about. Businesses can monitor their internet and phone systems, so long as employees agree.
To take advantage of this clause, get all your new hires to sign a written agreement consenting to the monitoring of their electronic communications within the workplace. Once you have the agreement, you can check in to make sure your employees aren’t spending their days instant messaging their friends or sending unprofessional emails to customers.
Just make sure you’re abreast of any state laws first, as some are more rigorous than the ECPA.
The Health Information Patient Accountability Act of 1996
Enacted in 1996, the Health Information Patient Accountability Act (HIPAA) makes sure businesses and practitioners in the medical field keep patient records safe. The law defines how “covered entities” store sensitive information and who can access it to maintain privacy. It also details patient confidentiality standards and essential steps for dealing with privacy breaches.
Hospitals, health insurance companies, healthcare clinics, and doctors are among the covered entities impacted by HIPAA. The Omnibus Rule, added in 2013, extends the law to any businesses associated with the original law’s “covered entities.” These businesses may include attorneys, e-prescription gateways, and cloud computing services.
Non-compliant businesses may receive fines from the Department of Health and Human Services Office of Civil Rights ranging from $100 to $50,000 per violation “of the same provision.”
Ignorance is no defense for failing to follow federal information technology laws. If you’re unsure of any of the nation’s IT laws, consult a legal professional. Your lawyer can clarify any parts of the legislation you’re unclear about and make sure you’re meeting all mandated requirements.