Sector and State-Specific Privacy Laws
In the United States, there is no single comprehensive privacy law that applies to the entire private sector. Instead, there are numerous sector-specific and state-specific laws that businesses operating in the United States need to understand.
All states have some statutory protection for specific privacy rights, and some state constitutions specifically identify a right of privacy for their citizens.
Breach notification laws are also in force in many states and should be well understood so that regulators and affected individuals can be notified appropriately in the event of a data security breach.
The following are three high profile federal statutes in the United States:
Gramm-Leach-Bliley Act
- Under this law, financial institutions and certain affiliates must comply with broad “consumer privacy” rules.
- Covered institutions must create, and provide notice of, policies and procedures governing the collection, secure storage, and disclosure of personal information.
- More on Gramm-Leach-Bliley is available from the Federal Trade Commission.
Health Insurance Portability and Accountability Act Regulations
- Applies to health plans, health care clearinghouses, and certain health care providers.
- Covers “protected health information”: information relating to physical or mental health, the provision of health care, and payment for health care.
- HIPAA violations carry substantial penalties.
- More on HIPAA is available from the United States Department of Health and Human Services.
Children’s Online Privacy Protection Act
- Applies to the online collection of personal information from children under 13.
- Requires a notice containing specific details about the site’s information practices to be posted on the home page and in each area of the website where personal information is collected from children.
- More on COPPA is available from the Federal Trade Commission.
Visit the Electronic Privacy Information Center for more information on privacy laws in the United States.