Ming Ding | Information Security and Privacy Group | Data61, CSIRO

Privacy legislation and regulations
• The United States of America (USA)
➢ 2003 - California Online Privacy Protection Act (CalOPPA): The first state law in the nation to
require commercial websites and online services to post a privacy policy. CalOPPA requires a
website to feature a conspicuous privacy policy stating exactly what information is collected and
with whom it is shared. Those who fail to do so are at risk of civil litigation under the state's Unfair
Competition Law. [Explicit provision of privacy policy]
(https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3/)
➢ 2009 - Economic & Clinical Health Act (HITECH): This Act addresses the privacy and security
concerns associated with the electronic transmission of health information. Also, it strengthens
the civil and criminal enforcement of the HIPAA rules. [HIPAA+CalOPPA]
(https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html)