Federal Data Privacy Laws
Created by FindLaw's team of legal writers and editors | Last reviewed November 02, 2018
Over half of all Americans had their names, addresses, and Social Security numbers stolen in 2017, when the computer system of the credit reporting giant Equifax, Inc. was hacked. Evidently, Equifax failed to update its computer security systems and used unencrypted files to store usernames and passwords. Likewise, Facebook has been hacked numerous times, giving hackers access to sensitive personal data. Every day there seems to be yet another data breach. What laws, if any, exist to protect Americans?
This article focuses only on data privacy laws and protections that exist for you at the federal level. However, it's important to remember that other protections exist in state laws.
Federal Data Privacy Laws: Overview
Unlike the European Union with its General Data Protection Regulation (GDPR), the U.S. has no overall data privacy protection law, but rather a hodgepodge of protected areas. The federal government has been less concerned with data breaches from private companies than with data collection and misuse by the federal government itself, as is clear from the following laws. That being said, the federal government has passed some laws to regulate private companies with respect to data privacy protections, but in limited ways.
Federal Trade Commission Act
The Federal Trade Commission (FTC) provides the greatest overall data protection to consumers, but it does so based on its general authority as a federal agency and not on a specific data privacy law. Its authority comes from the Federal Trade Commission Act, which authorizes the FTC to seek to prevent unfair or deceptive trade practices.
The FTC's chief weapon in combating incursions into consumer data privacy is its ability to obtain agreements with private companies to regulate the use of the data that they collect. For example, it entered into an agreement with Facebook in 2011, which created a compliance plan and formalized privacy practices. The FTC hoped that other internet companies would model their privacy and data collection policies on the agreement reached with Facebook.
The FTC investigates and prosecutes companies for deceptive data collection, misuse of consumer data, and other improper internet and online practices. One of the FTC's primary functions is to prevent identity theft, and it has established a complaint line for that purpose. The complaint line gathers information that is then shared with law enforcement.
The Privacy Act
The Privacy Act of 1974 was passed to protect U.S. citizens from the misuse of their data by the federal government. It governs the collection, maintenance, and use of information about individuals stored by federal agencies. It does not govern information collected by private companies or state agencies. While this law restricts how federal agencies collect and use personally identifiable records, it also grants individuals the right to access such records and to amend the data that is collected on them.
Children's Online Privacy Protection Act
The federal government has been very concerned about the protection of children. The Children's Online Privacy Protection Act was passed to prohibit a website or online service directed to children from collecting personally identifiable information without providing notice of what information is collected and how it will be used. The law also requires verifiable parental consent for any information collected.
Health Insurance Portability and Accountability Act
A person's medical information receives some of the strongest privacy regulation under the Health Insurance Portability and Accountability Act (HIPAA), which regulates the use and disclosure of an individual's health information. There are civil and criminal penalties for failing to comply with the privacy rule requirements of HIPAA.
Fair Credit Reporting Act
A consumer's financial data is protected by the Fair Credit Reporting Act, which regulates consumer reporting agencies. It restricts the disclosure of credit reports and other consumer reports. It works in conjunction with HIPAA to protect medical information as well. The Act further requires notice to consumers when their credit reports have been disclosed, fraud alerts, and free access to credit reports in conjunction with a fraud alert. The Act is extensive and provides a number of consumer rights.
Controlling the Assault of Non-Solicited Pornography and Marketing Act
In an effort to limit the amount of unwanted email advertisements, especially ones with explicit sexual content, Congress passed the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act). It established requirements for sending unsolicited commercial email and regulates other fraudulent activities associated with electronic mail.
Electronic Communications Privacy Act
The U.S. has long had a wiretap law that prohibited eavesdropping and recording of conversations that took place over telephone or telegraph wires, but the act was expanded to address modern forms of wireless communication. The Electronic Communications Privacy Act prohibits interception and disclosure of wire, oral, or electronic communications, with exceptions for law enforcement, publicly available communications, or where permission has been given.
Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act was passed to combat a hacker's ability to take over government and private computers. Its purpose is to address computer hacking and data theft by making it illegal to access computers and take computerized data. It's important to note that this law makes it illegal not only to steal data, but also to access a computer without authorization, even if no data or information was taken.
Questions About Your Rights Under Data Privacy Laws? Get Answers from a Lawyer Today
Remember, you are the primary source for protecting your data online. The federal government has enacted some legislation to try to prevent data theft. However, it's mostly up to you to protect your data before there's a breach. If you have concerns about identity theft or stolen online data, a skilled attorney will be able to answer questions and help you assert your rights. Contact an experienced consumer protection attorney in your area today to learn more.