Federal Law
Businesses that collect sensitive information from employees or customers must take appropriate steps to properly secure and dispose of it. Depending on the type of personal information that is collected and how it will be used, employers may be subject to a number of requirements under federal law.
The Federal Trade Commission regulates and oversees several business privacy laws that may impact employers. For example, the Fair Credit Reporting Act sets out rules for companies that use data to determine creditworthiness, insurance eligibility, suitability for employment, and to screen tenants.
The Gramm-Leach-Bliley Act requires financial institutions to implement reasonable security policies and procedures. Under the Red Flags Rule, financial institutions and certain creditors must have identity theft prevention programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft.
Many states also have laws requiring employers to comply with specific procedures to safeguard the personal information of employees and customers.