Skip to main content

Information Privacy & Data Security: Federal Agency Resources

A collection of resources available to the LLS community on the topics of privacy and data security.

Federal Trade Commission (FTC)

The FTC is the chief federal agency for privacy policy and enforcement.  This is based upon its responsibility for enforcing important privacy acts such as the Fair Credit Reporting Act and the Children's Online Privacy Protection Act (COPPA), the EU-US Privacy Shield agreement, as well from its exercise of authority to combat unfair and deceptive practices under the FTC Act.  Its broad authority under section 5(a) of the FTC act has allowed it to emerge as the de facto information privacy regulator in the U.S., filling in gaps left by the rather fragmented, sector-by-sector approach favored thus far by Congress.

A recommended book for understanding the history of the FTC and specifically on its evolving role in enforcing privacy rights is Chris Jay Hoofnagle, Federal Trade Commission: Privacy Law & Policy (Cambridge Univ. Press, 2016).  Main stacks:  KF 1611 .H66 2016

recommended article describing the FTC's development of a "common law" of privacy rights through its power to police unfair and deceptive trade practices is Daniel J. Solove & Woodrow Hartzog, The FTC and the New Common Law of Privacy, 114 Columbia L. Rev. 583 (2014).

Health & Human Services (HHS)

The department of Health & Human Services (HHS) is responsible for the protection of privacy for health information under HIPAA.  Within the HHS, the Office of Civil Rights is in charge of enforcing the provisions of HIPAA and the implementing regulations.  This website of HHS is the main page for information on HIPAA protections and enforcement.

OMB (Office of Management & Budget)

The Office of Management and Budget (OMB) has responsibility for developing privacy policy for the executive branch of government.  Numerous OMB memoranda, circulars and guidance documents have been issued since the 1970's providing guidance to federal agencies on: (1) the implementation of federal laws addressing privacy and data security, and (2) best practices to be followed with technology and information used by the federal government.  This website of the OMB has links to all of these documents.

CRS Reports

U.S. Department of Justice

The Justice Department has the Office of Privacy and Civil Liberties (OPCL).  This office protects the public by ensuring the department's compliance with numerous federal laws related to privacy, including the Privacy Act of 1974, the E-Government Act of 2002 and the Federal Information Security Modernization Act of 2014.  The OPCL provides oversight and coordination of the privacy procedure of the department and all its components.  The OPCL's website is a good source for examining the policies and procedures put in place by an agency to ensure its compliance with the law.

Department of Education

Department of Commerce