The Privacy Law Landscape

Federal Privacy Laws:

There is no comprehensive national data privacy law in the United States. Privacy law in the U.S. has been described as a patchwork quilt of sector- and medium-specific laws, including those that regulate telecommunications, health information, credit information, financial institutions, and marketing. Here are some federal sector-specific privacy laws that govern data collection:

Children's Online Privacy Protection Act (COPPA)

15 USCA §§ 6501-6506

COPPA governs the collection of information about minors. The act is regulated by the FTC. Find out whether COPPA applies to you and how to comply with it here. More on COPPA.

Health Insurance Portability and Accountability Act (HIPAA)

P.L.104-191

HIPAA governs the collection and portability of health information. The act is regulated by the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS).

Gramm-Leach-Bliley Act (GLBA)

15 USC §§ 6802-6809

The GLBA governs information collected by banks and financial institutions. The act is primarily governed by the FTC, which has a page dedicated to understanding the GLBA here. More on GLBA.

Fair Credit Reporting Act (FCRA)

15 USC §§ 1681

The FCRA governs the collection and use of consumer credit information. The act is primarily governed by the FTC, which has a page dedicated to understanding the FCRA here. More on FCRA.

All the federal privacy laws listed above are specific to certain types of personal data (health data, credit data, etc.). With the emergence of artificial intelligence, the patchwork approach to data privacy that is currently in existence may not be feasible. Corporations, nonprofits, and other entities are increasingly putting pressure on the federal government to enact comprehensive data privacy regulation. Check out some articles about this below:

Data Privacy Internationally 

2016 was a big year for data privacy. The General Data Protection Regulation (GDPR) was passed in the European Union (EU). Member states were given two years to ensure that it is fully implementable in their respective states. Since then, the GDPR has become the catalyst for various other nations to pass comprehensive data privacy laws. It is also a guiding document for privacy legislation all over the world. Although the United States has not passed anything federally, states have taken it upon themselves to pass state-specific data privacy regulations.

General Data Protection Regulation (GDPR)

The GDPR is widely considered the toughest privacy and security law in the world. It is unique because it imposes restrictions on organizations anywhere as long as they target or collect data from people in the EU.

Additionally, as a U.S. legal practitioner, it is vital to understand the motivations and themes that underlie the GDPR because various U.S. state legislatures (and other nations) are using the GDPR as a guide to create their own privacy regulations.

California was the first state in the U.S. to pass a comprehensive state privacy law. Since then, many other states have followed or tried to follow its lead. Check out the "Tracking State Privacy Laws" page to learn more!
