By Robert C. Dewar
Many foreign businesses commence trading in the U.S. without paying a lot of attention to their data privacy policies. Unlike the UK, where the Data Protection Act (which implements the European Data Protection Directive into UK law) applies to all businesses, the U.S. does not have a universal data protection requirement that applies to all businesses in all states. Certain industries and sectors have their own specific data protection requirements, such as healthcare providers (who are covered by the Health Insurance Portability and Accountability Act of 1996) and financial institutions and other finance related businesses (which are subject to the Gramm-Leach-Bliley Act). Data relating to children are subject to the requirements of the Children’s Online Privacy Protection Act of 1998. There are many businesses that do not fall within the requirements of these targeted pieces of legislation.
In addition, foreign businesses should appreciate that, if the data of U.S. based customers and employees is repatriated to the UK, such data should thereafter be handled in accordance with all the provisions of the European Data Protection Directive, as enacted in the UK. This means the foreign company must adhere to the provisions requiring, among other things:
While UK entities may be well-versed in compliance requirements with respect to their European-based customers and employees, they may not be aware that such requirements extend to U.S.-based employees and customers.
UK companies starting businesses in the US should, at a minimum, review the data protection policies that they have in place in the UK and make a determination as to whether they want those policies to apply to US-based customers and employees. In addition, they should familiarize themselves with any new requirements that may apply to their particular industry or under state law in the states in which they plan to operate.
About Williams Mullen
With approximately 300 attorneys practicing in over 30 practice areas, Williams Mullen provides comprehensive legal services to regional, national and international clients. Their clients include multinational Fortune 500 companies, private family-owned businesses, nonprofit organizations and government entities. From offices in North Carolina, Virginia, Washington D.C. and London, Williams Mullen attorneys bring skills and experience to solving the legal needs of their diverse client base.
For more information about LexisNexis products and solutions, connect with us through our corporate site.
Major Firm Survey in UK With Above 500It Professionals Stated that Companies are not protecting sensitive data with security policies when it leaves the office, whether through BYOD or public cloud-based systems.
Complete View in to the Survey ..