History of Federal Data Privacy Regulations in the US

July 3, 2019 at 2:52 pm by Paul Falcone

Throughout history, the United States has passed quite a few different laws to protect privacy for its citizens. Generally, the laws focus on protecting one specific aspect of privacy, but they are extremely specific and in-depth on that one aspect. With the growing of the digital age, it is important to wonder if the United States is doing a good enough job keeping up with cybersecurity and data privacy.


4th Amendment

One of the first privacy laws the United States passed was the 4th Amendment, which protects people from unlawful searches. While the 4th Amendment protects people from physical and apparent searches, it has birthed some confusion regarding modern technology. In the case of Carpenter v. United States, it was ruled that the 4th Amendment protects searches of cell phone location data, but it went all the way to The Supreme Court, and was ruled 5-4 in favor of the cell phone privacy.

Fair Credit Reporting Act (FCRA) 1970

The FCRA protects citizens from their consumer reporting agencies files being used against them. A consumer reporting agency file holds personal information used to decide credit, insurance, banking info, and more. It prevents the use of information in their file being used without their knowledge and it allows a person to know what is in their file. The FCRA also allows a person to dispute inaccuracies and forces agencies to delete false or inaccurate information as well as incomplete information.

US Department of Health, Education, and Welfare (HEW) 1973 Computers and the Rights of Citizens

HEW is a report that was focused on the growing use of computers, and how that could impact the future of data keeping and protection. It focused on consequences of using automated personal data systems, how to stop those consequences, and policy for social security numbers.

Privacy Act of 1974

The Privacy Act of 1974 was a turning point in data privacy and security. It protects information that would be retrieved by an individual through their name or any other personally identifiable mark, and prevents said information from being disclosed without written consent of the individual in question. The Privacy Act of 1974 is the biggest step the United States took for data privacy and paved the way for more specific data privacy laws in the future.

Federal Educational Rights and Privacy Act (FERPA) 1974

FERPA protects educational information from being disclosed. Essentially, the Act prohibits schools from sending out information to anyone. Parents are allowed access to the educational info, but once the student turns 18 and continues schooling beyond high school, the rights transfer to the student. There are of course, certain people to whom the schools can send information, but they are all either financial, for the good of the student’s education, or for legal purposes. Schools can disclose certain information, such as name and date of birth of a student, but to do so, they must contact said student beforehand and give them a reasonable amount of time to request it not be shared.

Right to Financial Privacy Act (RFPA) 1978

RFPA protects the financial privacy of people. Essentially, it does not allow anyone to view financial information of a person without the person being notified and given a chance to object. In the words of this law, a “person” is judged to be an individual or a partnership of five or less individuals. In other words, it does not extend to corporations or large partnerships.

Video Privacy Protection Act of 1988 (VPPA)

The VPPA protects from the disclosure of rental records of “prerecorded video cassette tapes or similar audio-visual material.” Effectively, it means that without written consent or a valid warrant, no one can get the information of what a person has rented in the past.

The Gramm-Leach-Bliley Act of 1999 (GLBA)

GLBA ensures that financial institutions explain their information sharing processes with a customer. It also makes the institutions safeguard their consumer’s sensitive information. A financial institution constitutes a company that deals in the business of loans, investment advice, or insurance.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA protects the health information of individuals. It forces the protection and integrity of health information and it expects institutions to protect against anticipated threats against the security of the info as well as illegal disclosure.

Driver’s Privacy Protection Act of 1994 (DPPA)

The DPPA protects the information held by any state DMV. It disallows the use or release of personal info obtained from any department in relation to a motor vehicle. The information covered by this act includes name, address, SSN, phone number, and other personal effects. It does not cover traffic violations, accidents, or license status.

Children’s Online Privacy Protection Act of 1998 (COPPA)

COPPA protects children’s privacy from being collected or used. A child is defined as being under the age of 13. It requires the consent of a parent for the information of a child to be taken or used. This act works specifically for websites and online services that were targeted at children.

Federal Information Security Management Act of 2002 (FISMA)

FISMA in short is the government protecting its own cybersecurity and set guidelines for their own security moving forward. This act was the government acknowledging the importance of cybersecurity. It has since been replaced by the Federal Information Modernization Act of 2014, which is commonly referred to as FISMA reform or FISMA2014. FISMA2014 amended laws to give the government more room to increase their own cybersecurity.

Fair and Accurate Credit Transactions Act of 2003 (FACTA)

FACTA provides consumers with more accurate credit related records and entitles them to one free credit report per year from the three credit reporting agencies — Experian, Equifax, and TransUnion. It also grants consumers the ability to purchase additional credit reports for a reasonable price. The act also allows consumers to place alerts on their credit histories, to help prevent identity theft.

Telephone Records and Privacy Protection Act of 2006 (TRPPA)

TRPPA prevents pretexting – the imitation or impersonation of someone else in order to gain personal information – to buy or sell personal phone records. It should be noted that it does not affect information agencies or law officials.

State Laws and Federal Mandate

As it currently stands, many of the states have their own specific data privacy laws. Some states have more protection than others. For instance, Massachusetts have passed more data security laws than Tennessee, which has stayed closer to the federal laws alone.

In the digital era we live in, data security is a rising problem. As technology improves, more personal information becomes digital, and more security is needed. There needs to be a federal mandate that brings a unified guideline to all states that will encourage stronger cybersecurity protocols. In this current day and age, individual citizens want to be 100% certain that their personal information is well protected. Furthermore, if all the states have different laws, companies will not be able to comply with all of them, and will be forced to adhere to the strictest policies, or discontinue business with certain states all together.

The United States has consistently been putting out laws to protect privacy and enforce cybersecurity. With the way history has been it is safe to assume that they will continue to do so into the future. It is clear the cybersecurity is a major concern of the United States. The next step would logically be the United States releasing a federal mandate to standardize the data privacy laws for all states. Moving into the future, the United States needs to stay on top of new technology, and pass laws to better protect their citizens from cybercriminals.