The Federal Trade Commission regulates privacy in the United States, and under the FTC rules, a website need not have a privacy policy at all. However, a website must comply with and not violate its policy if it has one. ifeLock learned that lesson the hard way when " target="_blank">the FTC sued it for failing to abide by its privacy policy. How do other countries' privacy laws apply to U.S. businesses? Time will tell, as the new European Union General Data Protection Regulation goes into effect in May of next year.