Your Privacy Rights Matter

The right to be left alone, to be free from intrusion from both government and private parties, is recognized globally as a fundamental human right. This right is recognized in more than 150 national constitutions.

In the United States, in lieu of a comprehensive federal privacy law, this right is protected by individual state laws,[1] by U.S. Constitutional Amendments (3rd, 4th, 5th, and 14th), and by industry-sector specific laws, which are enforced by regulatory agencies (e.g., FTC, FCC, HHS). What do all these laws have in common? They empower individuals by giving them specific rights as to how their personal information is collected and used.

As more and more states and nations around the world work to protect their citizens’ personal data online and offline with new and stricter privacy regulations, let’s take a look at the top 10 privacy rights these laws are protecting.

  1. Right to Be Informed
    Individuals have the right to know whether their data is being collected, retained, and shared.
  2. Right to Access
    Individuals have the right to know what data is being collected, how it is being used, and with whom, if anyone, it is being shared.
  3. Right to Rectification
    Individuals have the right to correct inaccuracies, complete incomplete information, and update outdated information to ensure retained data is current, correct, and complete.
  4. Right to Deletion
    Individuals have the right to have their data deleted. This right is also known as the ‘right to erasure’ and the ‘right to be forgotten.’
  5. Right to Restriction
    Individuals have the right to limit processing of some or all of their personal information permanently or temporarily without requesting their data be deleted.
  6. Right to Data Portability
    Individuals have the right to obtain a portable copy of their data, typically for free and in a format that is human-readable as well as machine-portable.
  7. Right to Opt-Out
    Individuals have the right to say “No” to the selling of their personal information to third parties.
  8. Right to Non-Discrimination
    Individuals have the right to equal treatment (and not be ‘penalized’) when they exercise a right (e.g., opting out).
  9. Right to Sue
    Individuals have the right to seek civil damages (via private or class actions) against covered businesses for violation of a statute (e.g., a data breach resulting from inadequately protecting their data).
  10. Right to Non-automated Decision Making
    Individuals have the right to human input in decisions about them (e.g., credit approval) to ensure decisions are not based solely on automated processes.

When it is time to implement a privacy compliance solution, being familiar with what these rights grant will help enable your organization to meet privacy requirements.

How Covestic Can Help

Whether it’s standing up a privacy-rights request intake-and-fulfillment process, implementing a robust privacy-controls monitoring program, managing your privacy notices and policies, reporting your compliance posture to your board of directors, or providing evidence of compliance to regulatory authorities, Covestic can help you design and implement a robust privacy compliance program that not only shortens your time to compliance but also ensures your solution is effective, efficient, and scalable.

Contact us today to learn more about how you can leverage your investment in ServiceNow to ensure your organization remains continually compliant and audit ready.

About the Author

Mike DeAndrea, GRC Practitioner and Advisory Solution Architect, Covestic

With more than 20 years of applied expertise in Governance, Risk, and Compliance, Mike helps Covestic customers understand how they can leverage the power of ServiceNow to meet their regulatory compliance needs in the shortest time. Mike has extensive experience both as a practitioner and a consultant. As a practitioner, he managed the compliance efforts of a large enterprise-wide IT operations department of a multi-billion-dollar, multi-national company for several years. As a consultant, Mike has been helping high-profile customers deploy GRC solutions in ServiceNow for over five years. He maintains a number of ServiceNow and industry certifications, and specializes in designing compliance solutions that are not only effective but also highly efficient, that minimize the time to value, and that drive down the cost, burden, and impact of compliance on your organization. Connect with Mike on LinkedIn.


The information provided in this article is for technical information purposes only and should not be construed as providing legal advice. Be sure to check with your legal and compliance teams before implementing any recommendations described in this article.

[1] Eleven U.S. states (Alaska, Arizona, California, Florida, Hawaii, Illinois, Louisiana, Montana, New Hampshire, South Carolina, and Washington) include the right to privacy in their state constitutions.
