Laws

Fair Credit Reporting Act

This act regulates the operations of credit reporting bureaus,

including how they collect, store, and use credit information.

It’s enforced by the Federal Trade Commission.

Right to Financial Privacy Act

This act protects the records of financial institution customers

from unauthorized scrutiny by the federal government. Under this

act, a customer must receive written notice if a federal agency is

seeking their records along with an explanation of why.

Gramm-Leach-Bliley Act (GLBA)

aka The Financial Services Modernization Act

This act repealed the Glass-Steagall law, which prohibited a single

institution from offering investment, commercial banking, and

insurance services. Under Glass-Steagall, they could only provide

one of these services. However, now banks can provide all three!

Fair and Accurate Credit Transactions Act

This act, from 2003, allows customers to receive a free credit

report once yearly from each of the 3 primary consumer credit

reporting companies (Equifax, Experian, and TransUnion).

Health Insurance Portability and Accountability Act (HIPAA)

This act was designed to improve the portability and continuity of

health insurance coverage; to reduce fraud, waste, and abuse in

health insurance and healthcare delivery.

American Recovery and Reinvestment Act

This act includes the Health Information Technology for Economic

and Clinical Health Act (HITECH), which offers strong privacy

provisions for electronic health records. It bans the sale of health

info, promotes audit trails, and provides access right for patients.

Family Educational Rights and Privacy Act (FERPA)

This law provides rights to parents regarding their children’s

educational records, they transfer to the individual at age 18.

Provides rights to access, disclose, and amend these records.

Children’s Online Privacy Protection Act (COPPA)

With this act, any website that caters to children must offer privacy

policies, notify parental guardians about data collection practices,

and receive parental consent before collecting information from

children under 13.

Title 3 of the Omnibus Crime Control and Safe Streets Act

aka the “Wiretap Act”

This law regulates the interception of wire (telephone) and oral

communications. State and federal law enforcement can wiretap

only with warrant from judge.

Foreign Intelligence Surveillance Act (FISA)

This act describes procedures for the electronic surveillance of

foreign intelligence information in communications between

foreign powers and their agents. Uses a secret court to approve

the surveillance.

Executive Order 12333 by Ronald Reagan

This legal order allows intelligence-gathering agencies to collect

information, including messages, obtained in the course of lawful

foreign intelligence, counterintelligence, international drug, or

international terrorism investigation.

Electronic Communications Privacy Act (ECPA)

This act offers protection of communications while in transfer to

sender/receiver and electronic storage. Also, it prohibits devices

from recording without a search warrant or National Security

Letter (NSL). When legally approved, pen registers or trap-and-

trace devices may be used by law enforcement.

Communications Assistance for Law Enforcement Act (CALEA)

This act maintains that a court order to intercept electronic

communication can only be obtained if it is shown that a crime is

being committed, that the communications about the crime will be

intercepted, and the equipment being tapped is being used by the

suspect. This act amended both Wiretap Act and ECPA.

USA Patriot Act

This act was passed after 9/11, expanding abilities of both

domestic law enforcement and US intelligence agencies to search

telephone, email, medical, financial, and other records. Also eased

restrictions on gathering foreign intelligence.

FISA Amendments Act of 2008

This act was signed by the president following 9/11, granting the

NSA’s ability to collect (without court-approved warrants)

international communications as they flow through US

telecommunications equipment.

USA Freedom Act

This act was passed in 2015 following Edward Snowden’s NSA

surveillance revelations. This act terminated the bulk collection of

phone metadata by the NSA. Phone providers hold the data and

respond to NSA requests. Also restores roving wiretaps and the

tracking of lone-wolf terrorists.

European Union Protection Directive

Requires any company doing business within the European Union

(EU) to implement a set of privacy directives so that all data

transferred to non-EU counties is protected.

General Data Protection Regulation (GDPR)

Strengthens EU data protection by addressing the export of

personal data outside the EU and enabling citizens to see/correct

their personal data. Organizations anywhere in the world that

collect, store, or transfer personal data of EU citizens must work to

ensure that their systems and procedures are compliant with this

strict new framework.

Freedom of Information Act (FOIA)

Grants US citizens the right to access certain information and

records of federal, state, and local governments upon request. This

enables journalists and the public to acquire information that the

government may be reluctant to release.

The Privacy Act

Establishes a code of fair information practices that sets rules for

the collection, maintenance, use, and dissemination of personal

data that is kept by federal agencies. It also prohibits U.S.

government agencies from concealing the existence of any

personal data record-keeping system, however the CIA and law

enforcement agencies are excluded from this act.