
Privacy in the United States

Numerous Sector- and State-Specific Privacy Laws

In the United States, no single comprehensive privacy law applies to the entire private sector. However, there are numerous sector- and state-specific laws that businesses operating in the United States need to understand.

The following are three high-profile federal statutes:

  • Gramm-Leach-Bliley Act
    • Under this law, financial institutions and certain affiliates must comply with broad "consumer privacy" rules.
    • Covered institutions must create and provide notice of policies and procedures governing the collection, secure storage, and disclosure of personal information.
    • Click here for more on Gramm-Leach from the Federal Trade Commission.
  • Health Insurance Portability and Accountability Act Regulations
    • Applies to health plan providers, health care clearinghouses and certain health care providers.
    • Covers "protected health information": information related to physical or mental health, the provision of health care, and the payment for health care.
    • HIPAA violations carry substantial penalties.
    • Click here for more on HIPAA from the United States Department of Health and Human Services.
  • Children's Online Privacy Protection Act
    • Applies to the online collection of personal information from children under 13.
    • Requires a notice containing specific details about information practices to be posted on the home page and each area of the website where personal information is collected from children.
    • Click here for more on COPPA from the Federal Trade Commission.

All states have some statutory protection for specific privacy rights, and some state constitutions specifically identify a right of privacy for their citizens. There are also numerous state-specific security breach notification laws.

Visit the Electronic Privacy Information Center for more information on privacy laws in the United States.