Federal legislation currently governs the collection and use of certain kinds of consumer information. The Federal Trade Commission (FTC) is the organization that administers the consumer protection laws. The laws ensure accuracy, fairness and privacy for consumers’ personal information. Known collectively as the Fair Credit Reporting Act (FCRA), the current code contains numerous amendments that have passed since the original legislation was enacted. Presently, a law originally proposed in 2012 is again before Congress. The “Consumer Privacy Bill of Rights Act of 2015” is intended to give citizens a right to decide what personal information gets collected, how personal information is used, and to solidify a right for all American consumers to demand that their information be stored securely. Existing consumer protection laws include the Gramm-Leach-Bliley Act (GLBA) which requires financial institutions to explain its information-sharing practices to customers and to employ protocols to protect sensitive customer data. The FCRA also requires financial institutions that wish to share with affiliates certain information (i.e., your credit report) to first notify the consumer and allow an opportunity to opt out. Finally, the FTC recently issued a report outlining “best practices” that businesses engaged in the “Internet of Things” (“IoT”) can utilize to protect consumer privacy and security. The IoT refers to the ability of everyday objects to connect to the internet–objects that can send and receive data. For example: internet-connected cameras, home automation systems that turn on lights, and bracelets that share with friends how far you have biked/run that day. To read the full report, link to the FTC 2015 Staff Report. Before requesting, sharing or disclosing sensitive information, businesses should ensure that best practices are followed.