Is selling personal information illegal?
Information about you and your browsing habits are constantly being tracked. Every time you interact with a company online, your data may be recorded. It is often part of the Terms and Conditions that you agree to by using a website or app. Other companies will pay money to get their hands on that data for their own purposes. In most parts of the country, collecting and selling personal data is not illegal, as long as the company or website informs you that they are doing so.
The laws surrounding this are complex, but there are some safeguards in place to help you protect your personal data. Personal financial information and medical information are protected under federal laws, as is the data of children under 13. Otherwise, your data is fair game in many instances.
Can I take legal action to stop telemarketing calls and texts?
You can call the Do Not Call List at 1-888-382-1222 to register your number to stop telemarketing calls and texts. If you feel that a telemarketing call or text violates federal consumer protection laws, such as the Telephone Consumer Protection Act, you may have the right to file a lawsuit. Typically you have this option if:
- Telemarketers call before 8 a.m. or after 9 p.m.
- You have registered on the National Do Not Call Registry and a company still calls.
- You have asked the company to stop calling you and they still do.
However, political campaigns, health care providers, companies you've given permission to call, and charities are exempt from these rules.
What individual or consumer privacy rights protect my personal data from businesses?
The federal government does not have many consumer privacy laws in place. The Fair Credit Reporting Act is one example, but it only applies to financial and credit information. Another privacy act is the Children's Online Privacy Protection Act, which protects children under the age of 13. The Financial Privacy Rule, which is part of the Financial Modernization Act of 1999, places limits on financial institutions for collecting and distributing private data. The Federal Trade Commission (FTC) may also bring legal action against businesses that tell consumers they protect personal information but fail to do so.
Do state privacy laws, like the CCPA, apply to other states?
In many circumstances, yes. Due to the online marketplace, state data privacy laws may apply across state lines. California's Consumer Protect Act (CCPA), for example, will protect consumers in California even if the business is located in another state. An online retailer in Florida that ships goods to customers in California will therefore need to comply with the CCPA for its California customers.
To date, 11 states have passed data privacy laws. These are California, Virginia, Connecticut, Colorado, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, and Texas. Regardless of whether the privacy laws apply in a certain area, many companies are implementing them for all of their customers and website visitors to make compliance easier.
What can I do after a business that collects my data is hacked?
If your personal information is compromised because a business gets hacked, you may need to take immediate action to prevent further damage. Some things you can do immediately include:
- Changing account passwords.
- Signing up for two-factor authentication.
- Checking for security updates.
- Keeping a careful watch on your credit report and bank accounts.
- Freezing your credit.
If you are a victim of identity theft, you can use Rocket Lawyer Identity Theft documents to take more proactive measures to protect your data and recover your identity. If your identity theft can be traced to a specific data breach, you may be able to file a lawsuit to recover your losses.
How can I stop businesses from storing, using, or selling my data?
Until federal laws are passed that provide this protection, you need to be proactive to protect your personal information. You can use several Rocket Lawyer tools to do this. First, consider sending a Letter to Remove Personal Information to the companies you do business with. This legally requires them to remove that information and stop selling it if you live in one of the states with this legislation on the books. Though it is not legally binding in all states, it can help because some companies may do what you want if asked. You may also try sending a Request to Remove Name from Direct Marketing List. This may help put a stop to the robocalls and unsolicited mailers.
If you have a complaint about a business, consider filing a Complaint Letter to the Better Business Bureau. You can also file a formal Complaint Letter with the company.
If you have more questions about your options and legal rights when it comes to the use or storage of your personal information, reach out to a Rocket Lawyer network attorney.
This article contains general legal information and does not contain legal advice. Rocket Lawyer is not a law firm or a substitute for an attorney or law firm. The law is complex and changes often. For legal advice, please ask a lawyer.