QUESTION

What data privacy standards do we have to meet under U.S. law?

SHORT ANSWER
Data privacy in the U.S. is governed by a patchwork of federal and state laws that vary depending on the industry and/or geographic location of the consumer.

The answer to this question depends on the type of information you are collecting and from whom. There are a few general state and federal regulations that apply to how you collect and use consumer information. Specific industries (such as financial services and healthcare) are also subject to separate requirements under both state and federal law.

On the federal level, the Federal Trade Commission (FTC) generally prohibits any misrepresentation regarding the use and collection of consumer information, while the Gramm-Leach-Bliley Act (GLBA) contains more specific rules regarding the safeguarding and handling of consumer data by financial services companies. California, Massachusetts and Colorado also have laws requiring businesses to establish certain data security policies and practices.