Organizations covered by the Act
- Must obtain an individual’s consent when they collect, use or disclose the individual’s personal information.
- The individual has a right to access personal information held by an organization and to challenge its accuracy, if need be.
- Personal information can only be used for the purposes for which it was collected. If an organization is going to use it for another purpose, consent must be obtained again.
- Individuals should also be assured that their information will be protected by appropriate safeguards.
See: Privacy Toolkit - A Guide for Businesses and Organizations
COPPA (U.S.)
The primary goal of COPPA is to place parents in control over what information is collected from their young children online. The Rule was designed to protect children under the age of 13 while accounting for the dynamic nature of the Internet.
See: Complying with COPPA: Frequently Asked Questions
GDPR (EU)
The EU General Data Protection Regulation contains provisions and requirements pertaining to the processing of personal data of individuals inside the European Union. This applies to enterprises in the EU or any company (regardless of location) that is processing the personal data of people inside the EU.