The United States does not have a single comprehensive privacy and data protection law. Instead, it relies on a mix of legislation, regulation, and industry self-regulation. The result is a patchwork of federal laws, each covering a specific category of personal information, ranging from financial records to video rentals to vehicle registration. Some of these laws, such as the Privacy Act, regulate how the federal government may collect and use personal information. Others, such as Gramm-Leach-Bliley and HIPAA, regulate how particular private sectors may use personal data.

The following section provides an overview of U.S. federal privacy and data protection laws and their requirements. Links are provided to the relevant laws. This article is not intended as legal advice and should not be relied upon for compliance. You should always consult with an attorney to ensure that you are in compliance with all applicable laws. For each law, the following fields are provided:

  • Title:   This is the name given to the legislation at the time of enactment or its popular name.
  • Citation: This is the formal citation to the specific law and a hyperlink.
  • Summary: This provides a brief overview of the legislation.
  • Data Covered: This identifies the specific data covered by the legislation.
  • Industry: This identifies the specific industries or sectors that are covered by the legislation.
  • Penalties: This identifies the sanctions provided for failure to comply with the law’s requirements.

Bank Secrecy Act (BSA)
Computer Fraud and Abuse Act of 1986 (CFAA)
Communications Assistance for Law Enforcement Act of 1994 (CALEA)
Computer Matching and Privacy Protection Act
Consumer Credit Reporting Reform Act
Driver's Privacy Protection Act (DPPA)
Electronic Communications Privacy Act (ECPA)
Electronic Funds Transfer Act (EFTA)
Equal Credit Opportunity Act (ECOA)
Fair and Accurate Credit Transactions Act (FACTA)
FACTA Disposal Rule
Fair Credit Reporting Act (FCRA)
Fair Debt Collection Practices Act (FDCPA)
Family Educational Rights and Privacy Act (FERPA)
Federal Energy Regulatory Commission (FERC)
Federal Trade Commission Act
Financial Industry Regulatory Authority (FINRA)
Financial Services Regulatory Relief Act
Gramm-Leach-Bliley Financial Modernization Act (GLBA)
Health Insurance Portability and Accountability Act (HIPAA)
Health Information Technology for Economic and Clinical Health (HITECH) Act
Identity Theft and Assumption Deterrence Act
International Traffic in Arms Regulation (ITAR)
North American Electric Reliability Corporation (NERC)
Office of Foreign Assets Control (OFAC)
Payment Application Data Security Standard (PA-DSS)
Payment Card Industry Data Security Standard (PCI DSS)
Privacy Act of 1974
Privacy Protection Act (PPA)
Right to Financial Privacy Act (RFPA)
Sarbanes-Oxley Act (SOX)
Telecommunications Act of 1996
Telephone Consumer Protection Act (TCPA)
USA PATRIOT Act