*Federal Data Protection Laws *
While the Supreme Court has interpreted the Constitution to provide individuals with a right to privacy, this right generally guards only against government intrusions. Given the limitations in constitutional law, Congress has enacted a number of federal laws designed to provide statutory protections of individuals’ personal information. However, these statutory protections are not comprehensive in nature and primarily regulate specific industries and subcategories of data. These laws, which differ based on their scope, who enforces them, and their associated penalties, include:
- Children’s Online Privacy Protection Act: provides data protection requirements for children’s information collected by online operators.
- Communications Act of 1934: includes data protection provisions for common carriers, cable operators, and satellite carriers.
- Computer Fraud and Abuse Act: prohibits the unauthorized access of protected computers.
- Consumer Financial Protection Act: regulates unfair, deceptive, or abusive acts in connection with consumer financial products or services.
- Electronic Communications Privacy Act: prohibits the unauthorized access or interception of electronic communications in storage or transit.
- Fair Credit Reporting Act: covers the collection and use of data contained in consumer reports.
- Federal Securities Laws: may require data security controls and data breach reporting responsibilities.
- Federal Trade Commission (FTC) Act: prohibits “unfair or deceptive acts or practices.”
- Gramm-Leach-Bliley Act: regulates financial institutions’ use of nonpublic personal information.
- Health Insurance Portability and Accountability Act: regulates health care providers’ collection and disclosure of protected health information.
- Video Privacy Protection Act: provides privacy protections related to video rental and streaming.