Internet Privacy Laws Revealed - How Your Personal Information Is ...

Skip to main content Back

Solutions

Law firms

• AI for legal
• Legal research & guidance
• Legal forms
• Business development
• Legal data & document management
• Business practice & procedure
• Drafting software, service & guidance
• Evidence
• Trial readiness, process & case guidance

Tax, audit & accounting firms

• Audit & accounting
• Tax planning & preparation
• Tax research & guidance
• Data & document management
• Financial planning & analysis
• Estate planning
• Practice management & growth
• Professional development & education

Corporations

• All corporate solutions

Governments

• All government solutions

Success stories

• A true competitive advantage

  Law firm Zarwin Baum’s embrace of generative AI as the natural next step in the evolution of legal work and their adoption of CoCounsel Legal has helped them achieve remarkable efficiency gains and improved client relationships.

• Workflow transformation drives impact

  Brinks, a global leader in secure logistics and security solutions, used CoCounsel to reimagine what was possible with AI tools, turning legal challenges into a competitive advantage.

• The forefront of audit tech

  A better auditing workflow solution was the answer to multiple challenges faced by The Mercadien Group. Find out how they achieved greater efficiency by embracing Cloud Audit Suite.

• Partnership program
• Partner directory

Questions? We are here to help. Contact us Back

Products

Legal

• CoCounsel Legal
• HighQ
• Legal Tracker
• Practical Law
• Westlaw Advantage
• Westlaw Edge
• View all

Trade & supply

• ONESOURCE Foreign Trade Zone Management
• ONESOURCE Global Classification AI
• View all

Tax, audit & accounting

• 1040SCAN
• Audit Intelligence Analyze
• CoCounsel Audit
• CoCounsel Tax
• Ready to Advise
• Ready to Review
• View all

Corporate tax

• CoCounsel Tax
• ONESOURCE Determination
• ONESOURCE Income Tax
• ONESOURCE Indirect Compliance
• ONESOURCE Pagero
• ONESOURCE Tax Provision
• View all

Risk & fraud

• CLEAR
• CLEAR Adverse Media
• CLEAR ID Confirm
• CLEAR Investigate
• CLEAR Risk Inform
• Fraud Detect
• View all

Books

• Legal books
• Tax books

Recommended products

• CoCounsel Legal

  Transform your work with the only AI legal solution uniting research, drafting, and document analysis in a single experience. Designed by legal experts and built on trusted content and advanced AI, CoCounsel Legal accelerates multistep work so you can better serve your clients and grow your business.

• CoCounsel Tax

  Transform your tax practice with CoCounsel Tax, an AI-powered assistant that combines trustworthy answers, automation, and firm knowledge into one seamless platform. Enhance efficiency, reduce risk, and improve client confidence with CoCounsel Tax.

• CLEAR Investigate

  Intelligently surface critical connections and insights in actionable format through AI-driven research workflows seamlessly integrated with the trusted and transparent CLEAR platform. Accelerate investigations and empower your team to make strategic decisions with confidence.

Questions? We are here to help. Contact us Back

Purchase

Buy solutions

• CoCounsel Essentials
• CoCounsel Legal
• Practical Law
• Practical Law Dynamic Tool Set with CoCounsel Essentials
• Westlaw Advantage
• Westlaw Advantage with CoCounsel Essentials
• Westlaw Edge
• Westlaw Edge with AI-Assisted Research

Buy books

• Legal books
• Tax books

Contact sales

• For legal products
• For tax products

Questions? We are here to help.

Contact us Back

Resources

Insights

• Thomson Reuters Institute
• Innovation @ Thomson Reuters
• Legal insights
• Tax insights

Events

• Upcoming events
• On-demand webinars

Product training

• Legal learning hub
• Tax & accounting professional services
• On-demand learning
• ONESOURCE University

Product communities

• Legal
• Tax & accounting
• All communities

Developers

• Developer portal
• API catalog
• Use case library
• Communities

Highlights

• 2026 SKILLS showcase

  Join weekly sessions to experience in-depth demonstrations of the leading legal AI products while connecting with strategic law firm leaders in knowledge management, innovation, and AI.

• Ghosts on the ledger

  Payroll fraud is a major compliance risk. Learn how payroll analytics and AI-powered tools can help exorcise phantom employees and employers.

• Future of professionals report 2025

  The Thomson Reuters Future of Professionals Report 2025 reveals how AI continues to shape professional work — and what it takes to get ahead. This year’s report shows that increased efficiency, productivity, and cost savings top the list of benefits professionals attribute to AI, making it indispensable for organizations facing rapid change.

Help

Help

• Product help
• Communities
• Account management

Learn

• Legal Learning Hub
• ONESOURCE University
• Tax & Accounting Professional Services

Sign into your products Sign in to manage account

Article

Internet privacy laws revealed - how your personal information is protected online 8 min

Cyber threats come from many sources, each looking to obtain personal information (PI) for benefit or exploitation. As intrusions become increasingly sophisticated, more regulatory and internal safeguards are needed in response.

Internet privacy is a subset of the larger world of data privacy that covers the collection, use, and secure storage of PI generally. Internet privacy is concerned primarily with how PI is exposed over the Web, through tracking, data collection, data sharing, and cybersecurity threats.

A Pew Research Institute study found that controlling PI on line is “very important” to 74% of Americans. According to another Pew study, 86% of Americans have taken action to maintain their privacy — deleting cookies, encrypting email, and protecting their IP address.

Digital footprints are everywhere. Every time you visit a website, enter your credit or debit card information, sign up for an account, give out your email, fill out online forms, post on social media, or store images or documents in cloud storage, you are releasing personal information into cyberspace. Just who, other than the intended recipient, will receive or have access to the information you provided? Will it be shared with other parties? Your PI may be shared in ways you don’t expect or are unaware of. Your information may be at some risk because even the best information security programs are not 100% guaranteed.

Westlaw Edge

Deliver superior client value with faster, more accurate legal research

Enhance your practice and productivity with the most advanced legal technology for your firm. View plans and pricing

Internet privacy laws

The potential for breaches of online privacy has grown significantly over the years. There is no single law regulating online privacy. Instead, a patchwork of federal and state laws apply. Some key federal laws affecting online privacy include:

• The Federal Trade Commission Act (FTC)[1914]– regulates unfair or deceptive commercial practices. The FTC is the primary federal regulator in the privacy area and brings enforcement actions against companies. This includes failing to comply with posted privacy policies and failing to adequately protect personal information.
• Electronic Communications Privacy Act (ECPA) [1986] - protects certain wire, oral, and electronic communications from unauthorized interception, access, use, and disclosure.

• Computer Fraud & Abuse Act (CFAA) [1986] – makes unlawful certain computer-related activities involving the unauthorized access of a computer to obtain certain information, defraud or obtain anything of value, transmit harmful items, or traffic in computer passwords. The law has been in amended six times.

• Children’s Online Privacy Protection Act (COPPA) [1998] – requires certain website and online service providers to obtain verifiable parental consent before collecting, using, or disclosing personal information from minors under the age of 13. It also requires websites to post an online privacy policy, collect only the personal information necessary, and create and maintain reasonable security measures.

• Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) [2003] – governs sending unsolicited commercial email and prohibits misleading header information and deceptive subject lines. It also requires senders to disclose certain information, include a valid opt-out mechanism, and it creates civil and criminal penalties for violations.
• Financial Services Modernization Act (GLBA) [1999] – regulates the collection, use, and disclosure of personal information collected or held by financial institutions and requires customer notices and a written information security program.
• Fair and Accurate Credit Transactions Act (FACTA) [2003] – requires financial institutions and creditors to maintain written identity theft prevention programs.

Many states have also adopted laws affecting online privacy, for example, consumer protection statutes, laws that protect certain categories of PI, information security laws, and data breach notification laws.

In addition to complying with these laws and implementing robust information security programs, there are steps organizations can take to help mitigate cybersecurity threats.

How you are exposed and how to protect yourself online

Client, customer, and employee personal information in your possession can be subject to a data breach in a myriad of ways. E-mail addresses, banking, passwords, physical addresses, phone numbers and more can inadvertently find their ways to scammers, hackers, undesired marketers, and more. Most compliance and legal area employees have little idea how to go implement data protection from internet threats. What to do?

A threat playbook for your organization

One thing your organization can do is develop an Internet privacy quick reference playbook that is easily available to employees. It can provide threat and best practices to follow for your specific area:

Here are five of the most significant online threats to data privacy coming from the web and best practices to handle them:

• Unsafe web browsing practices

Many users don't scrutinize sites on which they find information. There are often signs that sites you visit can be malicious and ask for your PI: free offers, shortened URLs, pages socially engineered to trick users to set up an account and download malware from them.

What you can do

Keep your anti-virus up to date up to date. Use the most secure Internet browser -- Google Chrome or Microsoft Edge are the two best choices. Scan files with your anti-virus software before downloading. Don’t re-use passwords for multiple websites. Turn on your browser's pop up blocker.

• Cookies and web tracking

Cookies are files downloaded to your browser by a website that contain unique identifier data about the site. However, they don’t contain any personal information or software code. When a website "sees" the data it set in a cookie, it knows the browser is one that has contacted it before.

They can be useful for things like keeping your login information for a site so you don’t have to enter it again. Cookies can also be used to track your activities and capture your purchasing habits and then be shared with unwanted third parties affiliated with the site.

What you can do

Set your browser to delete cookies every time you finish browsing or set "opt out" cookies on your browser to cookies aren't allowed at all in your browser.

• IP address tracking

The COPPA Act specifically states that IP addresses are personal information since they are information about an identifiable individual associated with them. An Internet Protocol (IP) address is a numerical label behind the familiar web addresses we see every day. It identifies a device over the internet. Hacker often come through IP addresses as their first point of attack.

Undesirable parties may trace your PI by looking up your website address if it is listed in WHOIS, the central database containing all web addresses on the internet. Ownership information is readily available here.

What you can do

If you set up a website, you can request a private WHOIS listing from the database manager, Network Solutions. Their name, address and other ownership information will appear instead of yours.

When working on your personal computer, you can use a Virtual Private Network (VPN) tool. A good one is IP Vanish. You log into the VPN as an intermediary. After that point, your IP address is encrypted and goes through the VPN provider to the internet.

Employees or clients at home have “leased” IP addresses with their cable modem and ISP accounts. Your IP won’t change until you turn off your modem. Power it down as often as you feel the need.

• Using HTTP Instead of HTTPS Encrypted Web Server Connections

Personal data flowing between a user's machine and a website using plain HTTP protocol can be monitored by other companies or potentially intercepted and stolen by malicious hackers (often called the "man-in-the-middle"). That’s where Secure Sockets Layer(SSL) comes in.

What you can do

HTTPS or Secure Sockets Layer (SSL) encrypts information sent between a website and a user's machine. When purchasing or entering personal information on websites, always check for an “https://” or a padlock icon in your browser’s URL bar to verify that a site is secure before entering any personal information. When you see HTTPS instead of HTTP in your browser's address bar, you'll know it is a secure site!

If you're hosting a website, consider implementing SSL on your web server to ensure data privacy between you and customers. It will also help mitigate direct hacking threats. You will need to find a digital certificate authority (CA) such as Verisign to help set it up.

• The threat from the cloud

Cloud computing is the latest and greatest technological wave that brings up new issues for data privacy. This is especially true when you give up administrative and technological controls to an outside party. That in of itself is a major threat.

A cloud provider may be deficient in backup processes, security practices, employee controls, application interfaces & APIs to name just a few. Plus, you never know who has the "keys of the kingdom" to view all your data in there. Scary.

What you can do

Both you and the cloud provider are in charge of security, not just the latter. If you are storing data in cloud storage or using a cloud platform to host a website, there are a few things you want to consider:

• Find out from the provider who is in charge of each cloud security control.
• Train someone in the use of provider-provided identity and access tools so you can control yourself who has access to data and applications.
• Ensure the provider has all your data that is stored with them encrypted
• Major cloud providers all offer logging tools. Use these to enable self-security logging and monitoring to monitor any unauthorized access attempts and other issues.

A combination of government regulations and responsible individual practices can only thwart potential cyber threats not eliminate them. Your compliance & legal area can do its part by implementing comprehensive threat analysis and response measures.

Get greater insight

Learn more about Practical Law

Learn more

• About us

  About us

  • About Thomson Reuters
  • Annual report
  • Careers
  • Digital accessibility
  • Investor relations
  • Our purpose
  • Press releases
  • Social impact
  • The Trust Principles

• Learn more

  Learn more

  • Partnership information
  • Supplier information
  • Global sites directory
  • Site map

• Contact us

  Contact us

  • Sales & support
  • Investors support
  • Media relations
  • Office locations

• Reuters

  Reuters

  • Reuters News & Media
  • Reuters Best
  • Reuters Professionals

• Core Publishing Solutions

  Core Publishing Solutions

  • Book printing for publishers

• Connect with us

  Connect with us

  • Facebook
  • Instagram
  • LinkedIn
  • X
  • YouTube

Thomson Reuters Do not sell or share my personal information and limit the use of my sensitive personal information