|
Consumer Privacy: The Patchwork of Federal Law
By Michael N.
Mercurio
Privacy is a
buzz word these days – and for a good reason. With the advances of
modern technologies, an individual’s private information, whether
health, financial, employment or legal-related, is routinely
transferred, captured, stored or otherwise accessed multiple times
each day, many times without the individual even realizing the
encounter. At the federal level, Congress has attempted to stay
current with the times by passing a myriad of laws over the years
aimed at keeping various aspects of an individual’s personal life
private. This article provides a brief summary of some of these
federal laws as detailed below.
-
Children’s Online Privacy Protection Act of 1998 (COPPA). This
Act provides privacy protection to children under the under of 13 by
requesting parental consent for the collection or use of any
personal information from the computer user. This Act applies to
commercial websites and online services that are directed at
children and was passed in response to the growing problem of
Internet marketing techniques that targeted children to collect
their personal information without any parental notification.
- Computer
Matching & Privacy Protection Act of 1988. This Act restricts
federal agencies from matching and sharing information on
individuals with information held by other federal, state or local
agencies.
- Driver’s
Privacy Protection Act of 1994. This Act was passed in the wake
of the murder of actress Rebecca Shaeffer, in which case her
assailant had gotten her address from the California Department of
Motor Vehicles. The Act generally prevents departments of motor
vehicles from releasing personal information obtained by them by
individuals applying for a driver’s license.
-
Electronic Communications Privacy Act of 1986 (ECPA). The ECPA,
which amended the federal wiretap law, sets out certain provisions
for the access, use, disclosure and interception of electronic
communications including e-mail, radio-paging devices, cell phones,
private communication carriers and computer transmissions. The ECPA
also provides certain privacy protections to individuals by
prohibiting unlawful access and certain disclosures of communication
contents.
- Fair
Credit Reporting Act (FCRA). This Act, enforced by the Federal
Trade Commission, is designed to promote accuracy and privacy of
information contained and used in consumer reports by consumer
reporting agencies. FCRA set standards for who can access consumers’
sensitive credit information and what uses can be made of it.
- Fair Debt
Collection Practices Act. While this Act primarily provides
federal standards for debt collectors to follow when attempting to
collect a debt, the Act also provides a framework for what debt
collectors may and may not do with personal consumer information.
- Family
Educational Rights and Privacy Act of 1974 (FERPA). FERPA is a
federal law that protects the privacy of student education records
and applies to all schools that receive funds under programs
administered by the U.S. Department of Education. In addition, FERPA
gives parents certain rights to inspect and review their student’s
education records maintained at the school. These rights are
generally transferred to the student when the student reaches the
age of 18 or attends a school beyond the high school level.
- Federal
Identity Theft Assumption and Deterrence Act of 1988. This Act
makes it a federal crime for a person to use another person’s
identity to commit a crime that violates federal law or that is a
felony under state or local laws. Crimes under this Act are
investigated by the FBI, U.S. Secret Service and U.S. Postal
Service.
- Federal
Privacy Act of 1974. One of the oldest of the federal privacy
acts, this Act requires government agencies to apply basic fair
information practices for all records held by federal executive and
regulatory agencies regarding the personal information of
individuals.
- Financial
Services Modernization Act (Gramm-Leach-Bliley). This law was
passed by Congress in November 1999 and permits financial
institutions to simultaneously engage in banking, insurance and
securities businesses. While Congress allowed these new activities,
it also sought to regulate the use and sale of consumers’ personal
information for marketing, profiling and other commercial purposes
by requiring financial institutions to limit the disclosure of this
information, as well as to send a notice of its privacy policy and
allowing consumers the ability to “opt-out” of the disclosure of
certain personal information. As an aside, there has been much
debate as to whether lawyers are covered by the Act’s obligations.
The American Bar Association has challenged the Federal Trade
Commission’s interpretation that the Act does apply to lawyers.
- Health
Information Portability and Accountability Act of 1996 (HIPAA).
While HIPAA covers a host of non-privacy-related items (insurance,
etc.), the Administrative Simplification provisions of HIPAA require
that covered entities, typically health care providers, health plans
and health care clearinghouses, adopt comprehensive privacy and
security policies to ensure that personal health information is not
improperly disclosed or used without the proper authorization of the
information’s owner.
- Telephone
Consumer Protection Act of 1991 (TCPA). The TCPA was passed to
place restrictions on telemarketing calls and prohibits solicitation
calls to individuals before 8:00 a.m. and after 9:00 p.m. This Act
also placed restrictions on the use of autodialers, prerecorded
messages and fax machines that send unsolicited advertisements.
- Video
Privacy Protection Act of 1998. This Act limits the use or
disclosure of personally identifiable information concerning a
patron of a video rental or sales outlet. The Act does permit the
disclosure of a patron’s name and address if the patron has had an
opportunity to opt out and the disclosure is for marketing purposes
only. The Act permits injured patrons to sue for actual damages as
well as reasonable attorney fees for wrongful disclosures.
In addition to
the patchwork of federal privacy laws, each state (and some
localities) has passed statutes and regulations addressing some or all
of the above issues and more.
|
