As the information-based economy has expanded, the collection, use and protection from disclosure of customer and employee data have become an increasing focus of legislation and regulation. Federal statutes such as HIPAA (Health Insurance Portability and Accountability Act), COPPA (Children’s Online Privacy Protection Act), and Gramm-Leach-Bliley impose safeguards on certain personal information. CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing Act) and the Federal Trade Commission’s National Do Not Call Registry protect individuals’ privacy by restricting email and telephone marketing solicitations. State data breach notification laws require holders of confidential personal information (for example, credit card account numbers) to notify individuals when that data is inappropriately disclosed. Businesses that operate globally may also face international compliance challenges, as many non-U.S. jurisdictions impose rules that are different from and more stringent than those of the U.S.
In addition to risks of legal non-compliance, businesses that possess and wish to use personal data face information-flow barriers to operating as a unitary enterprise, and potentially even loss of business if they lose or otherwise inadvertently disclose customer data.