Privacy and Security

For many companies, collecting sensitive consumer and employee information is an essential part of doing business. It’s your legal responsibility to take steps to properly secure or dispose of it.  Financial data, personal information from kids, and material derived from credit reports may raise additional compliance considerations. In addition, you may have legal responsibilities to victims of identity theft.  Regardless of the size of your company or your line of work, the FTC has compliance resources for you. 

Children’s Privacy

The Children’s Online Privacy Protection Act (COPPA) gives parents control over what information websites can collect from their kids. If you run a website designed for kids or have a website geared to a general audience but collect information from someone you know is under 13, you must comply with COPPA’s two main requirements. For answers to particular questions, email CoppaHotLine@ftc.gov.

Consumer Privacy

Think your company doesn't make any privacy claims? Think again — and reread your privacy policy to make sure you're honoring the promises you've pledged. Consumers care about the privacy of their personal information and savvy businesses understand the importance of being clear about what you do with their data.

Credit Reporting

Does your business use consumer reports or credit reports to evaluate customers’ creditworthiness?  Do you consult reports when evaluating applications for jobs, leases, or insurance?  Here's information about your responsibilities under the Fair Credit Reporting Act and other laws when using, reporting, and disposing of information in those reports.

Data Security

Many companies keep sensitive personal information about customers or employees in their files.  Having a sound security plan in place to collect only what you need, keep it safe, and dispose of it securely can help you meet your legal obligations to protect that sensitive data.  The FTC has free resources for businesses of any size.

Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.