RESPECT YOUR DATA
Limit and protect the data you collect and retain.
Protecting your users’ privacy requires you to be thoughtful about the data you collect and hold. By carefully considering the costs and benefits of collecting data and by properly safeguarding the information that you do collect, you may prevent privacy harms and increase consumer trust in your product.
CAREFULLY HANDLE ANY DATA THAT YOUR USERS MIGHT CONSIDER SENSITIVE.
Mishaps with information like credit card or financial records, passwords, physical or mental health records, and many other types of sensitive data can have major consequences both for users and your company. Taking special steps to protect this information can protect you and your users from harm.
IDENTIFY AND COMPLY WITH SPECIFIC LEGAL REQUIREMENTS FOR THE DATA YOU COLLECT.
If your product handles certain types of information, you may be subject to specific federal and state legal requirements. For example:
- Any service that deals with electronic communications may be subject to the Electronic Communications Privacy Act.
- Services that are designed for health care providers and related entities may be subject to the Health Insurance Portability and Accountability Act.
- Video content services may be subject to the Video Privacy Protection Act.
- Websites and services that knowingly collect personal information from or that are “directed to children” under 13 may be subject to the Children’s Online Privacy Protection Act.
- Other laws may apply if your service handles financial records, consumer credit information, government records, motor vehicle records, or student education records.
"Protecting kids' privacy online is a top priority for America's parents, and for the FTC.... A million-dollar penalty should make that obligation crystal clear." - Deborah Platt Majoras, former FTC Chairman