Over the past several years, online privacy has become a hot button issue in state legislatures across America. Online privacy isn’t just an issue in the USA; it is becoming prevalent all over the world, with the EU implementing things like the GDPR legislation that addresses data protection. As useful as legislations like these can be for the consumer, this can be detrimental for businesses who struggle to comply (fortunately, companies like Privacy Helper, which you can visit this site to find more about, helps businesses avoid the repercussions of non-compliance to GDPR). However, in the USA, there are many online privacy policies that have been implemented. Here is a brief overview of some of the most prominent online privacy laws at the state level.
Privacy Policies for Online Services
Monitoring of Employee Internet Access
Some states have enacted legislation governing an employer’s ability to monitor employees’ online activity. In Delaware and Connecticut, for example, employers must provide adequate notice before they begin monitoring the online activity of employees. Delaware allows for a number of exceptions to the law, most commonly in the case of computer system maintenance and court ordered actions. If a Connecticut employer wants to use electronic monitoring to produce evidence of illegal conduct, he or she is not required to submit written notice as long as there are reasonable grounds for monitoring. Similarly, in Colorado and Tennessee, state organizations and other public entities must establish an official policy regarding the monitoring of employee’s e-mail communication. Policies must state that all electronic mail correspondence of the employee may appear on public record. Be sure to advise your clients to see how the states in which their businesses operate deal with these issues before monitoring.
Personal Information Collected by Internet Service Providers
In Minnesota and Nevada, Internet Service Providers (ISPs) must uphold the privacy of certain types of customer information. Although both states expressly prohibit the release of personally identifiable information, Minnesota requires ISPs to obtain permission from customers before releasing information to third-party websites they have visited. Similarly, nonfinancial businesses in California and Utah must inform customers of the types of personal information they share with third party entities.
About the Author
Chris Sundermeier is General Counsel and Chief Privacy Officer for Reputation.com. He comes to the company after representing various Silicon Valley Internet and technology companies for more than a decade as a litigation partner at Cooley LLP. There, Chris focused on disputes involving complex commercial contracts and technology agreements, securities, fiduciary duty, mergers and acquisitions, and intellectual property.
Mr. Sundermeier graduated magna cum laude with his law degree from Boston College, where he was a member of the Order of the Coif. Prior to attending law school, Mr. Sundermeier taught philosophy at multiple universities and colleges around New York City while working on a Ph.D. in Philosophy at Fordham University. He also holds an undergraduate degree in English and Philosophy from Creighton University.
Full disclosure, Legal Ink Magazine is an affiliate partner with Reputation.com.