Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: US laws affecting private user data?
2 points by rebootthesystem on July 15, 2017 | hide | past | favorite | 2 comments
You collect user data for the purpose of offering a service or selling products through a website. Depending on the nature of the business the range of info collected can span a wide range:

Name, email, driver's license, social security number, credit cards, bank account/s, address, phones, etc. In other words, personal and financial data.

A year later a user decides to close the account.

What laws do we have in the US regulating what information can be kept in a database, in what form and for how long after an account is closed?

Or perhaps, more generally, regulating a request from a user for the deletion of said information?



https://www.hg.org/ecommerce-law.html

https://www.state.gov/privacy/

https://www.schneier.com/blog/archives/2006/04/identitytheft...

https://www.schneier.com/blog/archives/2016/07/anonymization...

https://www.pcisecuritystandards.org/

https://www.eff.org/deeplinks/2016/10/empty-promises-privacy...


Thanks! I'll read through this.

A quick scan seems to reveal consumers in the US don't have as much control over their private data as I thought we might. Which is bad. If someone has my driver's license and credit card data in their database and I want it completely erased they ought to be legally required to do so.

As someone operating multiple websites as well as a user my policy is to delete any and all private data on request. For me it's a matter of what I would want as a user.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: