History of Federal Data Privacy Regulations in the US

January 21, 2022 at 3:09 pm by Paul Falcone


Throughout its history, the United States has passed quite a few laws to protect the privacy of its citizens. Generally, each law focuses on protecting one specific aspect of privacy, but covers all bases on that one aspect. With the growth of the digital age, it is worth asking whether the United States is doing a good enough job of keeping up with cybersecurity and data privacy.

  • 4th Amendment

One of the first privacy laws the United States passed was the 4th Amendment, which protects people from unlawful searches. While the 4th Amendment protects people from physical and apparent searches, it has encountered problems protecting people in the digital age.

  • Fair Credit Reporting Act (FCRA) 1970

The FCRA protects citizens from having their consumer reporting agency files used against them. It prevents information in their file from being used without their knowledge, and it allows a person to know what is in their file. The FCRA also allows a person to dispute inaccuracies and forces agencies to delete false, inaccurate, or incomplete information.

  • US Department of Health, Education, and Welfare (HEW) 1973 Computers and the Rights of Citizens

HEW is a report that was focused on the growing use of computers, and how that could impact the future of data keeping and protection. It focused on consequences of using automated personal data systems, how to stop those consequences, and policy for social security numbers.

  • Privacy Act of 1974

The Privacy Act of 1974 was a turning point in data privacy and security. It protects information that would be retrieved by an individual through their name or any other personally identifiable mark, and prevents said information from being disclosed without written consent of the individual in question. The Privacy Act of 1974 is the biggest step the United States took for data privacy, and paved the way for more specific data privacy laws in the future.

  • Federal Educational Rights and Privacy Act (FERPA) 1974

FERPA protects educational information from being disclosed. Essentially, the Act prohibits schools from sending out information to just anyone. Parents are allowed access to the educational information, but once the student turns 18 and continues schooling beyond high school, the rights transfer to the student. There are, of course, certain people to whom the schools can send information, but the reasons are all either financial, for the good of the student’s education, or for legal purposes. Schools can disclose certain information, such as the name and date of birth of a student, but to do so, they must contact the student beforehand and give them a reasonable amount of time to request that it not be shared.

  • Right to Financial Privacy Act (RFPA) 1978

RFPA protects the financial privacy of people. Essentially, it does not allow anyone to view the financial information of a person without the person being notified and given a chance to object. In the words of this law, a “person” is judged to be an individual or a partnership of five or fewer. In other words, it does not extend to corporations or large partnerships.

  • Video Privacy Protection Act of 1988 (VPPA)

The VPPA protects against the disclosure of rental records of “prerecorded video cassette tapes or similar audio visual material.” Effectively, it means that without written consent or a valid warrant, no one can obtain information about what a person has rented in the past.

  • The Gramm-Leach-Bliley Act of 1999 (GLBA)

GLBA ensures that financial institutions explain their information sharing processes with a customer. It also makes them safeguard sensitive information. A financial institution constitutes a company that deals in the business of loans, investment advice, or insurance.

  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA protects the health information of individuals. It requires that health information be protected and its integrity maintained, and it expects institutions to protect against anticipated threats to the security of the information as well as illegal disclosure.

  • Driver’s Privacy Protection Act of 1994 (DPPA)

The DPPA protects the information held by any state DMV. It disallows the use or release of personal info obtained from any department in relation to a motor vehicle. The information covered by this act includes name, address, SSN, phone number, and other personal effects. It does not cover traffic violations, accidents, or license status.

  • Children’s Online Privacy Protection Act of 1998 (COPPA)

COPPA protects children’s personal information from being collected or used. A child is defined as being under the age of 13. It requires the consent of a parent for the information of a child to be taken or used. This act applies specifically to websites and online services that are targeted at children.

  • Federal Information Security Management Act of 2002 (FISMA)

FISMA is effectively the government protecting its own cybersecurity. This act was the government acknowledging the importance of cybersecurity. It has since been replaced by the Federal Information Modernization Act of 2014, which is commonly referred to as FISMA reform or FISMA2014.

  • Fair and Accurate Credit Transactions Act of 2003 (FACTA)

FACTA provides consumers with more accurate credit related records and entitles them to one free credit report per year from the three credit reporting agencies — Experian, Equifax, and TransUnion. It also grants consumers the ability to purchase additional credit reports for a reasonable price.

  • Telephone Records and Privacy Protection Act of 2006 (TRPPA)

TRPPA prevents pretexting to buy or sell personal phone records. It should be noted that it does not affect information agencies or law officials. Pretexting refers to the imitation or impersonation of someone else in order to gain personal information.

  • State Laws and Federal Mandate

As it currently stands, many of the states have their own specific data privacy laws. Some states have more protection than others. For instance, Massachusetts has passed more data security laws than Tennessee, which has stayed closer to the federal laws alone.

In the current age, data security is a rising problem. As technology improves, more personal information becomes digital, and more security is needed. There needs to be a federal mandate requiring all states to have stronger cybersecurity, because in this day and age it is necessary to be 100% certain that personal information is well protected. Furthermore, if all the states have different laws, companies will not be able to comply with all of them, and will end up not doing business in the United States.

The United States has consistently been putting out laws to protect privacy and enforce cybersecurity, and with the way history has been, it is safe to assume that it will continue to do so into the future. The next step would logically be the United States releasing a federal mandate to standardize the data privacy laws for all states.