Data Privacy

The terms data privacy, information privacy and data protection refer to the handling of data relating to individuals, that is, personally identifiable information (PII).

A privacy impact assessment (PIA) has the following goals:

  • Ensuring that the organization meets legal and policy-based privacy requirements.
  • Identifying the risks of privacy breaches.
  • Identifying privacy controls.
  • Reviewing the appropriateness of all PII use within the organization.

Data Privacy Regulations by Country

Countries whose privacy regulations are featured in this post:

  • European Union
  • Spain
  • USA
  • UK
  • Colombia

EU Data Privacy Regulations

European Union (EU) data privacy regulations featured in this post:


You can read more about the GDPR in this post.

Spain Data Privacy Regulations

Spain data privacy regulations featured in this post:


USA Data Privacy Regulations

USA data privacy regulations featured in this post:

  • USA Constitution Fourth Amendment / Amendment IV
  • Privacy Act of 1974
  • ECPA (Electronic Communications Privacy Act) of 1986
  • CALEA (Communications Assistance for Law Enforcement Act) of 1994
  • Economic Espionage Act of 1996
  • HIPAA (Health Insurance Portability and Accountability Act) of 1996, 2009 and 2013
  • COPPA (Children’s Online Privacy Protection Act) of 1998
  • GLBA (Gramm-Leach-Bliley Act) of 1999
  • USA PATRIOT Act of 2001
  • FERPA (Family Educational Rights and Privacy Act)
  • Identity Theft and Assumption Deterrence Act

State privacy regulations:

  • California
    • CCPA (California Consumer Privacy Act)

The Communications Assistance for Law Enforcement Act (CALEA) requires that all communications carriers make wiretaps possible for law enforcement officials who have an appropriate court order.

The Gramm-Leach-Bliley Act (GLBA) contains provisions regulating the privacy of customer financial information.

The Children’s Online Privacy Protection Act (COPPA) requires that websites obtain advance parental consent before collecting personal information from children under the age of 13.

The Health Insurance Portability and Accountability Act (HIPAA) requires that businesses handling protected health information (PHI) sign a business associate agreement (BAA).

USA Constitution Amendment IV

The Fourth Amendment (Amendment IV) to the USA Constitution establishes the right of individuals to be protected against certain government interference in their private lives. Supreme Court precedent further establishes the right of an individual “to be let alone”.

The Fourth Amendment reads:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Take note that the USA Constitution and its amendments do not contain the word “privacy”.

Canada Data Privacy Regulations

Canada data privacy regulations featured in this post:


UK Data Privacy Regulations

UK data privacy regulations featured in this post:

  • Data Protection Act 2018
  • UK General Data Protection Regulation (GDPR)
  • Privacy and Electronic Communications (EC Directive) Regulations 2003

The Information Commissioner’s Office (ICO) is the UK government body responsible for most of these regulations.

A Subject Access Request (SAR) is a request made by or on behalf of an individual for the information which they are entitled to ask for under Article 15 of the UK GDPR.

An ODS (Organisation Data Service) code is required for all organisations that work with the NHS.

Colombia Data Privacy Regulations

Colombia data privacy regulations featured in this post:

  • Ley 1581/2012 – Colombia

Data Privacy Standards

Some popular data privacy standards are ISO/IEC 27701, ISO/IEC 27018, GAPP and the OECD Privacy Guidelines.

You can read more about them in this post.
