Ways Laws Affect U.S. Businesses

            In the United States, law affects business in several ways. Copyright and intellectual property laws, worker safety laws (like OSHA), labor laws (like FLSA), privacy laws (like HIPAA), consumer protection laws (FTC), environmental protection laws (EPA), securities regulations (the SEC and SOX Act), and other laws guide decisions and regulate how business is done.  Some of them are strict regulations and in the forefront of business decisions.  For the purpose of this paper, the Federal Trade Commission Act, Fair Labor Standards Act, and the Health Insurance Portability and Accountability Act (HIPAA) are three laws that impact businesses by affecting how they respect consumer rights, employee labor, and patient privacy, and businesses need to keep these regulations in mind during business operations.

The Federal Trade Commission Act of 1914

            The FTC governs antitrust (Federal Trade Commission, 2019), consumer protection (Federal Trade Commission, 2019), antispam, truth in advertising (Lau, 2011, p.32), identity theft, and privacy breaches (Federal Trade Commission, n.d.).  The reason the FTC exists is to protect the American consumers.  The source of law for the FTC is federal statute, being formed by the passage of the Federal Trade Commission Act of 1914.  The FTC stands on the statutes to give it the power to come up with its own rules, so most of the decisions (nature of the law) are really based upon the spirit of the law.

            A negative of this ability to create and enforce its own rules is that it often appears that the FTC is outside of the law or coming up with its own law.  Some things, like consumer protection, are governed broadly by the Federal Trade Commission as a part of the Federal Trade Commission Act of 1914 (15 U.S.C. §§ 41-58), and the FTC’s proceedings are mostly outside of the normal legal system, meaning the FTC enforces FTC policies and rules (Federal Trade Commission, 2019), judged by the FTC, in an FTC hearing, with consequences determined by the FTC, outside of the normal judicial process (Manne, 2012).

            U.S. businesses are concerned with being broken up by the FTC’s antitrust division if they merge and become too large.  The FTC is tasked with breaking up monopolies and creating an environment for competition in the market.  U.S. businesses are also concerned with the safety of their products and truth in advertising, as a result of the FTC’s consumer protection division, which is a positive effect of the FTC.  An example of the FTC’s rules affecting business is the “Used Car Rule,” which is responsible for the vehicle history report and the buyer’s guide that all U.S. car dealerships are required to give the consumer at the time of purchase of a vehicle (Tressler, 2016).  Another example is the prominent and recent Facebook case in which the FTC sued Facebook for $5 billion for violating consumer privacy with poor privacy practices on its online platform (Fair, 2019).  This broadcasts loud and clear to all companies that their custodianship of their customers’ data is very serious and that breaches and privacy violations are punishable.  Technology businesses, especially, are now very careful with consumer data for this reason, which is a positive effect of the FTC’s consumer protection.  The FTC Act could be improved by putting restrictions and oversight on the FTC rather than giving it the power to create, judge, and enforce its own rules outside of the legal system.

The Fair Labor Standards Act of 1938

            The Fair Labor Standards Act sets rules for wages, overtime, recordkeeping, and child labor standards (Department of Labor, n.d.).  The FLSA’s reason for existing is to avoid abuse of employees by setting minimum wage, maximum hours worked per week without overtime, and minimum working age.  The source of law is federal labor law 29 U.S.C. § 203, with several updates and amendments (Fair Labor Standards Act, 2011), and the nature of the law is that it is usually strictly interpreted and enforced as written (Department of Labor, n.d.).  The law could be improved by removing the exempt status for professional employees from the law, giving the same wage fairness to professional employees as blue-collar jobs.

            The positive impact of the law is that it protects the labor force by setting a minimum wage and the number of hours in a work week, and it protects child labor from abuse.  Without the FLSA, employers would hire laborers below minimum wage and require them to work long hours.  The negative impact of the FLSA is that exempt employees, like lawyers and computer professionals, are not protected by the FLSA, being exempt from the protections.  This means that a computer analyst can be required to work very long hours with no additional compensation or overtime.  In the computer industry for example, cybersecurity analysts and system administrators are often expected to work 80-hour weeks in addition to being on-call with no additional compensation in the United States, because they are exempt under the FLSA.  For a lot of employers, salary means they can work people as hard as they want.  Another negative impact is the effect of the law on small businesses when amendments change rules such as minimum salary requirements.  Budgets at those businesses usually cannot sustain large wage increases without raising prices.  Wage increases leading to price increases result in inflation, negating the effect of the wage increase.  Minimum wage of $15 an hour does not help anyone if gas costs $8 per gallon.  Wage increases are definitely necessary, but some companies cannot sustain large changes to the FLSA.

Health Insurance Portability and Accountability Act of 1996

            The source of law for HIPAA is Public Law 104-191, federal 42 U.S. Code §1320d (Summary of the HIPAA Privacy Rule, 2013), and its interpretation has grown with the addition of HIPAA HITECH (HITECH Act Enforcement Interim Final Rule, 2017).  The nature of the law has grown as its interpreters have had to follow the spirit of the law as new technologies and privacy concerns have evolved.  The reason that the law exists is to protect patient privacy regarding health records and patient information, set penalties in the event of breach, and set security standards for the protection and handling of data such as electronic healthcare records, as in the case of HIPAA HITECH (HITECH Act Enforcement Interim Final Rule, 2017).  Ultimately, the goal is to protect patients’ personal information and healthcare records from being seen by anyone that the patients do not release the records to.  The law seems great, but could be improved by allowing patients to centrally, electronically view and modify HIPAA releases to providers at any time to withdraw access to health care information.

            HIPAA directly positively impacts businesses that are involved with healthcare, including nursing homes, in the United States.  It impacts non-healthcare businesses when the business is dealing with health insurance and similar information that is HIPAA protected.  In modern days, HIPAA protects protected healthcare information as well as electronic healthcare records (HIPAA Journal, n.d.), requiring businesses to secure this data using encryption, cybersecurity techniques, firewalls, and security monitoring.  Healthcare providers must put a lot of cybersecurity controls in place to ensure protection of these private assets (HIPAA Guide, n.d.).  The negative effects of HIPAA and HIPAA HITECH are felt by small neighborhood doctors’ offices which do not have the skills or budget to implement the security controls that a larger institution would, yet small doctors are held to the same security standards as a hospital or insurance company.  From personal experience, information technology managed service providers in the United States have trouble getting smaller practices to purchase or implement most of the controls necessary to stay in compliance with the law.


            Laws affect businesses every day.  Business owners and managers need to be aware of the laws that affect their industry, their labor force, and their operations.  Sometimes, it will be an OSHA safety standard for factory workers.  Sometimes, it will be a civil rights law, regarding hiring and firing policies.  In this paper, the Federal Trade Commission Act, Fair Labor Standards Act, and Health Insurance Portability and Accountability Act were discussed as well as their effects on business.  These acts affect all U.S. businesses as well as all employers and consumers.  Ignorance of these laws can bring very steep penalties and lawsuits from consumers, employees, patients, and government agencies.

            Some compliance requirements are fairly well-documented and clear-cut, like complying with the FLSA and HIPAA.  The FTC is a strange one, as there are no documented policies behind many problems until they set a precedent by jumping all over a corporation.  For instance, the FTC was creating privacy policy that did not exist while suing Facebook.  The FTC makes up the rules as it goes, based upon the themes of consumer protection.  In defense of the FTC, they are doing the right work:  protecting the market and the consumers.  In the case of Facebook, they created new privacy expectations and used Facebook as their example.  As a corporation, the FTC is scary because it could jump on anything that it needs to protect consumers from.  As a consumer, the FTC is a force for good, because they act in the consumers’ best interest all of the time, without wavering.

Published by Art Ocain

I am a DevOps advocate, not because I am a developer (I’m not), but because of the cultural shift it represents and the agility it gains. I am also a fan of the theory of constraints and applying constraint management to all areas of business: sales, finance, planning, billing, and all areas of operations. My speaking: I have done a lot of public speaking in my various roles over the years, including presentations at SBDC (Small Business Development Center) and Central PA Chamber of Commerce events as well as events that I have organized at MePush. My writing: I write a lot. Blog articles on the MePush site, press-releases for upcoming events to media contracts, posts on LinkedIn (https://www.linkedin.com/in/artocain/), presentations on Slideshare (https://www.slideshare.net/ArtOcain), posts on the Microsoft Tech Community, articles on Medium (https://medium.com/@artocain/), and posts on Quora (https://www.quora.com/profile/Art-Ocain-1). I am always looking for new places to write, as well. My certifications: ISACA Certified Information Security Manager (CISM), Certified Web Application Security Professional (CWASP), Certified Data Privacy Practitioner (CDPP), Cisco Certified Network Associate (CCNA), VMware Certified Professional (VCP-DCV), Microsoft Certified System Engineer (MCSE), Veeam Certified Engineer (VMCE), Microsoft 365 Security Administrator, Microsoft 365 Enterprise Administrator, Azure Administrator, Azure Security Administrator, Azure Architect, CompTIA Network+, CompTIA Security+, ITIL v4 Foundations, Certified ScrumMaster, Certified Scrum Product Owner, AWS Certified Cloud Practitioner See certification badges on Acclaim here: https://www.youracclaim.com/users/art-ocain/badges My experience: I have a lot of experience from developing a great company with great people and culture to spinning up an impressive DevOps practice and designing impressive solutions. 
I have been a project manager, a President, a COO, a CTO, and an incident response coordinator. From architecting cloud solutions down to the nitty-gritty of replacing hardware, I have done it all. When it comes to technical leadership, I am the go-to for many companies. I have grown businesses and built brands. I have been a coach and a mentor, developing the skills and careers of those in my company. I have formed and managed teams, and developed strong leaders and replaced myself within the company time and again as I evolved. See my experience on LinkedIn here: https://www.linkedin.com/in/artocain/
