Data Privacy Resources

• European Privacy Directive (Safe Harbor Principles)

This Directive, which became effective October 28, 1998, establishes standards for the collection, use, access and dissemination of personal information. Countries within the European Union may not transfer personal data to countries that do not have "adequate" privacy protection (i.e., the United States). In response, the United States Department of Commerce has been working with the European Union to develop "safe harbors." These "safe harbors " are a set of common principles to provide the specified standard of "adequate privacy protection" for the transfer of information from participating countries to the United States.

• EU Safe Harbor Information Update (Members Only)
  

• Children's Online Privacy Protection Act (COPPA)

Children's Online Privacy Protection Act (which took effect April 21, 2000) regulates the collection, use and dissemination of the personal information of children under the age of 13.
To learn more about the Children's Online Privacy Protection Act (COPPA) and how to comply with the law and FTC Rules, visit the following pages of the Federal Trade Commission website.

• New Rule to Protect Children's Online Privacy Takes Effect April 21, 2000
  
• FTC COPPA Rules
  
• Safe Harbor Program
  
• How to Comply With The Children's Online Privacy Protection Rule
  
• Implementing the Children's Online Privacy Protection Act: A Federal Trade Commission Report to Congress - February 2007

• Gramm-Leach-Bliley Act (GLB)

The Gramm-Leach-Bliley Act (GLB) is a federal law (enacted in November of 1999), concerned, in part, with privacy and security of consumer financial information. The Federal Trade Commission (FTC) is the regulatory body authorized to promulgated and enforce Privacy Rules for the GLB.

• CMOR Fact Sheet on the Gramm-Leach-Bliley Act (GLB) and its impact on survey research activities
  
• Federal Trade Commission information the GLB and the FTC Financial Privacy Rule

• Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  
  
  • The Health Insurance Portability and Accountability Act of 1996 (HIPAA), is a federal law (enacted in 1996, went into effect in April 2003), concerning the privacy of "protected health information" by "covered entities." As a general matter, survey research entities are NOT "covered entities" under HIPAA, but can be indirectly covered/affected by the law/rules as "Business Associates." The application of the law/rules on survey research is triggered when they obtain "protected health information" from a "covered entity."
    
    
  • HIPAA and the Privacy Rule: CMOR Answers Your Frequently Asked Questions (Members Only)
    
    
  • Information regarding HIPAA can be found at:
    http://hhs.gov/ocr/hipaa/whatsnew.html and http://www.cms.gov/hipaa/hipaa2/default.asp
    
    
  • In addition, although from a direct marketing perspective, the DMA has created a free FAQ on HIPAA available at http://www.the-dma.org/privacy/hipaafaqs.
    
    
• Canadian Privacy Law - the Personal Information Protection and Electronic Documents Act (PIPEDA)
  
  The Personal Information Protection and Electronic Documents Act (PIPEDA), which went into effect in 2001, establishes rules governing the collection, use and disclosure of personal information.

• CMOR Fact Sheet from 2001 on PIPEDA and its potential impact on survey research activities
  
• Privacy Commission of Canada - Guide for Businesses and Organizations
  
• Canadian Survey Research Council Position Paper on the law
  
• United States International Trade Administration information on the Canadian law, including information on cross-border implications
  
• Canadian Association of Market Research Organizations (CAMRO) "Privacy Handbook" on how to comply with PIPED
  

• Court Cases and Data Retention
  
  • Frequently Asked Questions: Electronically Stored Information and Federal Rules in Civil Cases

• Privacy – It’s All About the Individual - October 2007
• The Latest EU Initiatives on Data Protection and Privacy - September 2007
• Congress Looks at Social Security Numbers and Identity Theft - August 2007
• Important FTC and FCC Information You Should Know - November 2006
• The Chief Privacy Officer - September 2006
• International Trade & Tourism, the European Privacy Directive and the Safe Harbor Provisions - July 2006
• Recruiting Methods: The Laws and Ethics You Should Know - March 2006
• Selling Telephone Records: How Media Attention Will Impact Survey Research - February 2006
• Extensive Privacy Action Yields the Need for One Rule - December 2005
• Personally Identifiable Information: How Does Congress Understand PII? - November 2005
• MORE CONSUMER/RESPONDENT CONTROL OF DATA, BECOMES AN INDUSTRY THREAT - September 2005
• THE HOME STRETCH: CONGRESS AFTER AUGUST RECESS - September 2005
• THE NEW PRIVACY: CMOR EDUCATES CONGRESS - August 2005
• DATA BREACH AND IDENTITY THEFT: IN THE CROSSHAIRS OF CONGRESS - July 2005
• PRIVACY: THE NEW FRONTIER - April 2005
• Summing Up 2002 In One Word: Privacy - November 2002
• Safe Harbor Program Fact Sheet (Updated 5-02) - June 2002
• Do You Have A Privacy Officer? - March 2002
• Do You Have A Privacy Policy? - December 2001
• FTC Chairman Announces That No New Privacy Laws Are Needed - November 2001
• CMOR Amends Senate Bill 771 - September 2001
• Privacy Legislation in The United States - August 2001
• A Change in the FTC’s Position on Privacy? - July 2001
• Government Solicits Industry Help on The Issue of Privacy - May 2001