In my previous blog post, I discussed the fact that the United States has no comprehensive laws, regulations or guidelines regarding data privacy, instead relying on an ever-expanding patchwork system.
• Type of industry or activity
• Geographic location of customers
• Sensitivity of data collected
• How a company uses data
- If you collect payment card information from a Nevada resident, the state of Nevada requires the operator to comply with the Payment Card Industry Data Security Standard (PCI DSS) in its entirety except for the type of encryption. For encryption, Nevada requires compliance with the standards established by the National Institute of Standards and Technology (NIST).
To help consumers understand what privacy policies actually say, IDWise, powered by the Center for Identity, has created an online tool called PrivacyCheck.
Using a research-based design and data-mining technology, PrivacyCheck breaks down treatment of your personal information in categories that officials agree you need to protect. This overview is then organizes into a simple "at a glance" format with red, yellow, and green icons indicating the level of risk.
Plenty of people are riding the wave of identity theft and sailing off with your data. That’s why we need tools like PrivacyCheck to help consumers understand the risks they take when they share their personal information and make informed decisions about which companies to trust. Providing consumers with the tools and resources to protect their PII is a first step in reducing the occurrence of identity theft and the severe consequences that often follow.