U.S. Data Privacy Laws: A Guide to Your Rights and Protections

Have you ever pulled your smartphone out of your pocket after a conversation about, say, a trip to Italy, and when you open social media, suddenly you’re inundated with ads about vacations in Tuscany? As a result, you may feel like your phone is “spying” on you. Thankfully, your phone isn’t clandestinely betraying you, and Meta isn’t listening to your conversations. Nevertheless, your personal data and online activity isn’t as private as you might think. Advertisers and data brokers can often access your information and online interests. There are some guardrails in place, though. U.S. data privacy laws continue to evolve to protect consumer rights and to keep you safe through significant time online. It’s important to understand how privacy laws can affect you and the steps you can take to safeguard your internet activity. U.S. data privacy and protection laws are in place to protect specific types of personal data from being exploited or used for nefarious purposes. For example, these laws enable you to share your confidential information with your medical provider without having to worry that your personal details will be sold or made public. U.S. data privacy laws offer consumer protection and peace of mind through the following: The first U.S. data privacy law, The Privacy Act of 1974 , was enacted long before we constantly plugged our personal information into websites and apps. The Privacy Act gives consumers some control over how the federal government can collect and use personal data and identifiers. Although The Privacy Act is currently under revision, it established a precedent for creating consumer protection laws throughout many industries and for multiple types of businesses. As we continue to rely on online activity for both our personal and professional lives, privacy laws evolve. Let’s take a look at some of the key U.S. data privacy laws currently in place. Enacted in 1998, the Children’s Online Privacy Protection Rule (COPPA) restricts the information websites can collect from children under the age of 13. Kids are extremely vulnerable to online predators and deserve federal protection. COPPA is one of the most important privacy laws to help protect our kids as they spend time online. But it’s vital that parents supervise their Internet use as much as possible, too. The Fair Credit Reporting Act (FCRA) regulates who can access your credit report and how the data can be used. For example, if you’re in the process of applying to a new job, your potential employer must get your written permission to check your credit. The three major credit bureaus, Equifax, Experian, and TransUnion must also comply if you opt out of marketing lists. The FCRA also allows you to freely access your credit report, prevents people with no legitimate purpose from retrieving your credit information, and allows you to dispute incorrect information that appears on your report. The Family Educational Rights and Privacy Act (FERPA) protects children from unauthorized individuals accessing their information, and gives parents access to and limited control of their children’s educational records. This means that if you’re a parent, you can view, obtain copies of, and seek to amend educational records. Parents also have the right to limit the disclosure of personally identifiable information of their children who are under 18. For example, if a teacher publicly posts grades or test results with information that makes a child’s identity obvious, this is considered a FERPA violation. The Gramm-Leach-Biley Act (GLBA) is a vital U.S. data privacy law that requires financial institutions to disclose their information-sharing practices to their customers. This law sets safeguard requirements for consumer protection. It also prevents financial institutions from using deceptive marketing tactics to solicit personal information. For example, under the GLBA, it’s illegal for your bank to disclose your tax return information to a third party. The most well-known U.S. data privacy law, the Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996, and protects the privacy of medical patients. HIPAA consumer protections include the following: The U.S. Federal Trade Commission (FTC) is responsible for enforcing federal data privacy laws, and may take legal action against businesses and individuals who violate consumer protection rights. The FTC exists to protect people from unfair or unscrupulous business practices, advocate for consumers, and educate the public. If you feel that a business has scammed you or illegally sold your information you can file a complaint with the FTC and the agency will conduct an investigation. The FTC also is responsible for the following: There are 20 states with some level of consumer data protections in place or have passed legislation that will be enacted soon. However, if you live in any of the following states, your rights are also protected by existing comprehensive state level data privacy laws: California was the first state to enact online data privacy laws to protect consumers. It passed the California Online Privacy Protection Act (COPPA) in 2004 and the California Consumer Privacy Act (CCPA) in 2018. The COPPA was the first state law to require online services and websites to include a privacy policy. Other states soon followed suit with similar measures. The CCPA set an important precedent by becoming the first state-enacted legislation to allow consumers to opt out of third-party sharing or selling of their personal information, deletion from data broker websites, and to control other forms of personal data collection and sharing. Although the U.S. data privacy laws in place establish consumer rights, there are steps that you can take to protect your data and privacy online. Check out these great privacy tools that can help give you peace of mind and safeguard your personal data: Visit What Is My IP Address for more on U.S. data privacy laws and discover how to protect your consumer rights. For more tips on cybersecurity, visit our blog or listen to our Easy Prey podcast available to stream on your favorite podcast platforms.