SECTOR SPECIFIC

The United States has various federal laws that cover different aspects of data privacy, like government-held data, health data, financial information or data collected from children.

Privacy Act of 1974

The Privacy Act of 1974 governs how federal agencies may collect and use data about individuals in their systems of records. The act prohibits agencies from disclosing personal information without the written consent of the individual, subject to limited exceptions. Individual rights include the ability to request their records, to request a correction of records that are inaccurate or incomplete, and to be protected against unwarranted invasion of their privacy.

Gramm-Leach-Bliley Act

  • Under this law, companies that offer consumers financial products or services like loans, financial or investment advice, or insurance, and certain affiliates must comply with broad “consumer privacy” rules.

  • Covered institutions must have a policy in place to protect consumer data from security threats. They must also provide consumers with a privacy notice explaining what information is collected about the consumer and with whom it is shared, and the notice must inform the consumer of their right to opt out of having their information shared with unaffiliated parties.

Health Insurance Portability and Accountability Act Regulations

  • Applies to health plan providers, health care clearinghouses and certain health care providers.

  • Covers “protected health information”: information related to physical or mental health, the provision of health care, and the payment for health care.

  • HIPAA violations carry substantial penalties, and the law is enforced by the United States Department of Health and Human Services.

  • Note, however, that health information not shared with a covered entity is not subject to HIPAA regulation; health data you share with a nutrition app or on social media, for example, would not be covered.

Children’s Online Privacy Protection Act

  • COPPA applies to the online collection of personal information from children under 13.

  • The law requires a notice containing specific details about information practices to be posted on the home page and each area of the website where personal information is collected from children.

  • Also, parental or guardian consent must be obtained before collecting children’s information.

  • COPPA is enforced by the Federal Trade Commission.