Understanding U.S. Data Privacy Laws To Protect Your Personal Rights

Have you ever pulled your smartphone out of your pocket after a conversation about, say, a trip to Italy, and when you open social media, suddenly you’re inundated with ads about vacations in Tuscany? As a result, you may feel like your phone is “spying” on you. 

Thankfully, your phone isn’t clandestinely betraying you, and Meta isn’t listening to your conversations. Nevertheless, your personal data and online activity isn’t as private as you might think. Advertisers and data brokers can often access your information and online interests.   

There are some guardrails in place, though. U.S. data privacy laws continue to evolve to protect consumer rights and to keep you safe through significant time online. It’s important to understand how privacy laws can affect you and the steps you can take to safeguard your internet activity. 

What are U.S. data privacy laws and why do they matter?

U.S. data privacy and protection laws are in place to protect specific types of personal data from being exploited or used for nefarious purposes. For example, these laws enable you to share your confidential information with your medical provider without having to worry that your personal details will be sold or made public.

U.S. data privacy laws offer consumer protection and peace of mind through the following:

• Data Breach Prevention
• Legislate how companies collect, share, and store sensitive personal data
• Mandate company responsibility to consumers
• Prevent businesses from violating privacy policies
• Protect consumer privacy
• Require parental consent for the collection of children’s personal information

Examples of key U.S. data privacy laws you should know

The first U.S. data privacy law, The Privacy Act of 1974, was enacted long before we constantly plugged our personal information into websites and apps. The Privacy Act gives consumers some control over how the federal government can collect and use personal data and identifiers. 

Although The Privacy Act is currently under revision, it established a precedent for creating consumer protection laws throughout many industries and for multiple types of businesses. As we continue to rely on online activity for both our personal and professional lives, privacy laws evolve.

Let’s take a look at some of the key U.S. data privacy laws currently in place.

COPPA

Enacted in 1998, the Children’s Online Privacy Protection Rule (COPPA) restricts the information websites can collect from children under the age of 13. Kids are extremely vulnerable to online predators and deserve federal protection. COPPA is one of the most important privacy laws to help protect our kids as they spend time online. But it’s vital that parents supervise their Internet use as much as possible, too.

FCRA

The Fair Credit Reporting Act (FCRA) regulates who can access your credit report and how the data can be used. For example, if you’re in the process of applying to a new job, your potential employer must get your written permission to check your credit.

The three major credit bureaus, Equifax, Experian, and TransUnion must also comply if you opt out of marketing lists. The FCRA also allows you to freely access your credit report, prevents people with no legitimate purpose from retrieving your credit information, and allows you to dispute incorrect information that appears on your report.

FERPA

The Family Educational Rights and Privacy Act (FERPA) protects children from unauthorized individuals accessing their information, and gives parents access to and limited control of their children’s educational records. This means that if you’re a parent, you can view, obtain copies of, and seek to amend educational records. 

Parents also have the right to limit the disclosure of personally identifiable information of their children who are under 18. For example, if a teacher publicly posts grades or test results with information that makes a child’s identity obvious, this is considered a FERPA violation. 

Gramm-Leach-Biley Act

The Gramm-Leach-Biley Act (GLBA) is a vital U.S. data privacy law that requires financial institutions to disclose their information-sharing practices to their customers. This law sets safeguard requirements for consumer protection. It also prevents financial institutions from using deceptive marketing tactics to solicit personal information.

For example, under the GLBA, it’s illegal for your bank to disclose your tax return information to a third party. 

HIPAA

The most well-known U.S. data privacy law, the Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996, and protects the privacy of medical patients. HIPAA consumer protections include the following:

• Protection of health insurance coverage for workers and their families in case of a job change or job loss.
• All healthcare providers must adhere to federal requirements for electronic healthcare transactions and protect the identifying healthcare information of patients.   
• Patients must have access to their protected health information (PHI).
• Limited disclosure of patient information to relatives.
• Sets guidelines and protections for group health plans.

The role of the FTC in U.S. data privacy law enforcement

The U.S. Federal Trade Commission (FTC) is responsible for enforcing federal data privacy laws, and may take legal action against businesses and individuals who violate consumer protection rights. The FTC exists to protect people from unfair or unscrupulous business practices, advocate for consumers, and educate the public. 

If you feel that a business has scammed you or illegally sold your information you can file a complaint with the FTC and the agency will conduct an investigation. The FTC also is responsible for the following:

• Enforcing consumer protections for privacy and security
• Suing businesses that violate U.S. data privacy laws
• Suing businesses that mislead consumers about privacy and security practices
• Creating guidelines to maintain a fair market

State data privacy laws

There are 20 states with some level of consumer data protections in place or have passed legislation that will be enacted soon. However, if you live in any of the following states, your rights are also protected by existing comprehensive state level data privacy laws:

• California
• Colorado
• Connecticut
• Delaware
• Indiana
• Iowa
• Kentucky
• Maryland
• Montana
• Oregon
• Texas
• Virginia
• Utah

California’s comprehensive data privacy laws

California was the first state to enact online data privacy laws to protect consumers. It passed the California Online Privacy Protection Act (COPPA) in 2004 and the California Consumer Privacy Act (CCPA) in 2018. 

The COPPA was the first state law to require online services and websites to include a privacy policy. Other states soon followed suit with similar measures. The CCPA set an important precedent by becoming the first state-enacted legislation to allow consumers to opt out of third-party sharing or selling of their personal information, deletion from data broker websites, and to control other forms of personal data collection and sharing.

Privacy tools to protect your personal data

Although the U.S. data privacy laws in place establish consumer rights, there are steps that you can take to protect your data and privacy online. Check out these great privacy tools that can help give you peace of mind and safeguard your personal data:

• DeleteMe: DeleteMe is an easy-to-use, safe tool that allows you to control the personal data you share online. The #1 personal data removal application since 2011, this tool consistently monitors your data, removes your personal information from over 750 data broker databases, and alerts you to and responds to cybersecurity threats 24/7.
• LifeLock: LifeLock is a top identity theft protection tool. It secures your personal data, including financial and tax information, and is offered in a variety of subscription plans. Identity theft occurs every thirty seconds — without taking precautions to safeguard your information, you could fall victim. LifeLock monitors over a million data points in a second, alerts you to cybersecurity threats, and can help recoup stolen funds.
• Personal Data Scan from What is My IP Address: The free Personal Data Scan tool from What Is My IP Address scans over 80+ data brokers and people searches to help you discover and control where your personal data appears online. You can use this tool in conjunction with other privacy tools to increase your cybersecurity protections.

Visit What Is My IP Address for more on U.S. data privacy laws and discover how to protect your consumer rights. For more tips on cybersecurity, visit our blog or listen to our Easy Prey podcast available to stream on your favorite podcast platforms.