Skip to main content

Information Privacy & Data Security: Federal Statutes

A collection of resources available to the LLS community on the topics of privacy and data security.

Important federal statutes concerning privacy and data security

The following statutes are some of the most significant ones on the subjects of information privacy and data security. The acts are listed in chronological order. For each entry, the entities bound by the statute are noted and a link provided to the best guidance resource from the enforcing federal agency, as well as where the implementing regulations are published.  Congress has not passed a major new privacy statute in many years, with the result that much of the legislative activity is now occurring at the state level.

Fair Credit Reporting Act of 1970 (FCRA)
     Pub.L. No. 90-32, 15 U.S.C. §§ 1681 et seq.
     Link:  https://www.law.cornell.edu/uscode/text/15/chapter-41/subchapter-III
     Covered entities:  credit reporting companies
     Agency guidance | Implementing regulations (title 12)  Implementing regulations (title 16)

Family Educational Rights and Privacy Act (FERPA) (a/k/a Buckley Amendment)
     Pub. L. No. 93-380, 20 U.S.C. § 1232g
     Link:  https://www.law.cornell.edu/uscode/text/20/1232g       
     Covered entities:  educational agencies and institutions
    
Agency guidance | Implementing regulations

Privacy Act of 1974
     Pub. L. No. 93-579, 5 U.S.C. § 552a
     Link:  https://www.law.cornell.edu/uscode/text/5/552a
     Covered entities:  federal government agencies and bodies
    
Agency guidance | Implementing regulations

Right to Financial Privacy Act of 1978 (RFPA) 
    Pub. L. No. 95-630, 12 U.S.C. §§ 3401-3422
    Link: https://www.law.cornell.edu/uscode/text/12/chapter-35
    Covered entities: financial institutions (upon requests from federal government authorities)
    Agency guidance | Implementing regulations

Cable Communications Policy Act of 1984
     Pub. L. No. 98-549, 47 U.S.C. § 551
     Link: https://www.law.cornell.edu/uscode/text/47/chapter-5/subchapter-V-A/part-IV
     Covered entities: cable TV operators

     Agency guidance

‚ÄčElectronic Communications Privacy Act of 1986 (ECPA)
     Pub. L. No. 99-508, 18 U.S.C. §§ 2510–2523, 2701-2713
     Link:  https://www.law.cornell.edu/uscode/text/18/part-I/chapter-119

     Covered entities:  electronic communication services
     Agency guidance

Drivers Privacy Protection Act of 1994
     Pub. L. No. 103-322, 18 U.S.C. §§ 2721–2725
     Link: https://www.law.cornell.edu/uscode/text/18/2721
     Covered entities: state departments of motor vehicles

     Agency guidance and regulations will vary by state

Health Insurance Portability and Accountability Act of 1996 (HIPPA) 
     Pub. L. No. 104-191, various sections of Title 42 of the US Code
     Link: https://www.law.cornell.edu/uscode/text/42/1320d-2
     Covered entities: covered entities defined by the Act, including health care providers, health plans that
     use health information in electronic format

     Agency guidance | Implementing regulations

Children’s Online Privacy Protection Act of 1998 (COPPA)
     Pub. L. No. 105-277, 15 U.S.C. §§ 6501–6506
     Link: https://www.law.cornell.edu/uscode/text/15/chapter-91
     Covered entities: operators of websites or online services directed at children
     Agency guidance
| Implementing regulations

Gramm-Leach-Bliley Act of 1999 (GLBA)
     Pub. L. No. 106-102, 15 U.S.C. §§ 6801-6809
     Link:  https://www.law.cornell.edu/uscode/text/15/chapter-94/subchapter-I
     Covered entities:  financial institutions and financial services companies
     Agency guidance | Implementing regulations

E-Government Act of 2002
     Pub. L. No. 107-347
     Link:  https://www.govinfo.gov/content/pkg/PLAW-107publ347/pdf/PLAW-107publ347.pdf
     Covered entities:  federal government agencies and bodies
     Agency guidance

CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing)
     Pub. L. No. 108-187, 15 U.S.C. §§ 7701-7713
     Link: https://www.law.cornell.edu/uscode/text/15/chapter-103
     Covered entities: senders of commercial e-mail messages
     Agency guidance | Implementing regulations

 

Searching for Current Legislation