Even if you consider it as intrusion in your privacy, the national and state government knows a lot about us. Each of the US states has huge information regarding its citizens, including personally identifiable information like Social Security numbers, tax and financial information, driver’s license information. HIPAA security policy deals with Protected Health Information, but the US does not have any single, comprehensive national law to regulate the collection and use of the personal data. On the contrary, the United States incorporates a patchwork system of laws and regulations that make the security a compulsion.
European Union’s General Data Protection Regulation (GDPR) law protects the information of the EU citizens. Let us now consider how the US is protecting our data as well as organization and business requirements for data security.
Federal data protection:
The US has several federal privacy related laws that check the collection and use of personal data. The prominent federal privacy laws are as follows:
1] The Federal Trade Commission Act- This protection law prevents unfair or deceptive practices and applies to offline and online privacy and data security policies. The FTC has enforced the Act for companies that fail to comply with posted privacy policies and disclosure of the personal information. This law also prohibits online collection of information from children.
3] The Financial Services Modernization Act- This law deals with the collection, use and disclosure of the financial information. It is broadly concerning the financial institutions like the securities firms, banks, insurance firms and other organizations that provide financial services and products. It prohibits sharing the non-public personal information and in certain cases it also requires to serve notice by the financial institutions of their pattern of working, privacy practices and opportunity for the data subjects to deal with the non-sharing of their information. There are several other rules by the national banking agencies on privacy matters, like the Safeguard Rule, Disposal Rule and Red Flag Rule.
4] The Fair Credit Reporting Act and Fair and Accurate Credit Transactions Act- it applies to consumer reporting agencies that are concerned with consumer reports and the ones who deal with consumer reporting information. Consumer reports are communication issued by a consumer reporting agency that associates to the consumer’s creditworthiness, credit capacity, credit history, general reputation that is the base for consumer’s eligibility for credit or insurance.
5] The Controlling the Assault of Non- Solicited Pornography and Marketing Act- This act complies to the collection and use of email addresses and telephone numbers.
There are several other laws and penalties that deal with protection of personal information.