
Ask HN: US laws affecting private user data? - rebootthesystem
You collect user data for the purpose of offering a service or selling products through a website.  Depending on the nature of the business the range of info collected can span a wide range:<p>Name, email, driver&#x27;s license, social security number, credit cards, bank account&#x2F;s, address, phones, etc.  In other words, personal and financial data.<p>A year later a user decides to close the account.<p>What laws do we have in the US regulating what information can be kept in a database, in what form and for how long after an account is closed?<p>Or perhaps, more generally, regulating a request from a user for the deletion of said information?
======
based2
[https://www.hg.org/ecommerce-law.html](https://www.hg.org/ecommerce-law.html)

[https://www.state.gov/privacy/](https://www.state.gov/privacy/)

[https://www.schneier.com/blog/archives/2006/04/identitytheft...](https://www.schneier.com/blog/archives/2006/04/identitytheft_d.html)

[https://www.schneier.com/blog/archives/2016/07/anonymization...](https://www.schneier.com/blog/archives/2016/07/anonymization_a.html)

[https://www.pcisecuritystandards.org/](https://www.pcisecuritystandards.org/)

[https://www.eff.org/deeplinks/2016/10/empty-promises-
privacy...](https://www.eff.org/deeplinks/2016/10/empty-promises-privacy-
foreigners-abroad)

~~~
rebootthesystem
Thanks! I'll read through this.

A quick scan seems to reveal consumers in the US don't have as much control
over their private data as I thought we might. Which is bad. If someone has my
driver's license and credit card data in their database and I want it
completely erased they ought to be legally required to do so.

As someone operating multiple websites as well as a user my policy is to
delete any and all private data on request. For me it's a matter of what I
would want as a user.

