Privacy Laws in the USA

By | September 4, 2021

This article on ‘Privacy laws in the USA’ is written by Pranava Pishati and aims to describe how the United States as a country deals with personal information protection through the use of privacy laws.

I. Introduction

It is obvious that everyone has things that they do not want others to know about. The capacity to create boundaries is critical for good relationships and employment. Personal information is a dangerous weapon that can be used against someone if it is in the hands of the wrong person. As a result, it has become vital to protect one’s personal information, particularly in this technological era where anyone may easily access anything.

The right to privacy is mentioned in many national constitutions and human rights documents. Article 12 of the Universal Declaration of Human Rights (UDHR), Article 17 of the legally enforceable International Covenant on Civil and Political Rights, and Article 16 of the Convention on the Rights of the Child (CRC) all include the right to privacy[1].

This demonstrates that there are numerous privacy rules in place to protect personal information from the government and corporations. The right to privacy interacts with several other civil rights, such as the right to freedom of expression, the right to pursue, acquire, and disclose information, and the right to associate and congregate.

II. Privacy Act of 1974

There is no centralized federal privacy law in the United States, and the right to privacy is not stated explicitly anywhere in the US Constitution, but experts deduce it from multiple amendments, notably the Fourth Amendment. The privacy laws ensure citizens have the right “to be safe in their persons, homes, papers, and effects from unwarranted illegal search and seizure.”

The 93rd United States Congress passed the Privacy Act, which went into effect on December 31, 1974. The Privacy Act compels agencies to provide notice of their record-keeping systems in the Federal Register.

It bans the disclosure of a record about an individual from a system of records without the individual’s express agreement unless the disclosure falls under one of twelve statutory exceptions[2]. The Act also gives individuals the ability to request access to and update their data, and it establishes numerous agency record-keeping standards.

This Act was drafted to amend Title 5 of the United States Code by adding a section 552a[3], to protect privacy rights from the misappropriation of federal records, to provide that people be granted access to records concerning them maintained by agencies, to create a Privacy Protection Study Committee, and for many other reasons.

The amendment provides a code of fair information practices that governs federal agencies’ collection, maintenance, use, and disclosure of information about persons stored in record systems. A record system is a collection of records under the management of an agency from which information is obtained using the individual’s name or another identifier.

III. Recognition in courts

The right to privacy has been maintained by the US Supreme Court in numerous cases.

In Boyd v. United States in 1886, the right to privacy was confined to unwanted interference in a person’s private property when an illegal seizure occurred. An illegal search and seizure was found to constitute a violation of the inherent right to personal security, personal liberty, and private property.

It was stated that “constitutional liberty and security apply to all invasions of a man’s home and privacies of life on the part of the government and its employees. It is the essence of the violation, but it is the invasion of his indefeasible right to personal security, liberty, and private property” and expanded the scope of personal security and liberty by drawing similarities with trespass[4].

The shift of the right to privacy toward being about persons rather than property was accomplished in 1965, when the historic case of Griswold v. Connecticut recognized the right to privacy as coming from the Fourteenth Amendment’s “penumbras.”

This judgement declared that the right to privacy is a fundamental component of an individual’s personal and private life, and thus the State should not interfere. Later, this position was reinforced in Roe v. Wade in 1973, when the Supreme Court declared the lack of such a right would be a violation of the Fourteenth Amendment and the right to privacy as articulated in Griswold v. Connecticut.

IV. Federal data protection law

In the same way, there is no comprehensive national information security law in the United States. As a result, the security requirements imposed on data owners and businesses processing PII on their behalf are determined by the regulatory framework.

These security obligations are:

  1. Gramm-Leach-Bliley Act (GLBA)
  2. Health Insurance Portability and Accountability Act (HIPAA)
  3. Fair Credit Reporting Act (FCRA)
  4. Other State information security laws

1. The Gramm-Leach-Bliley Act (GLBA)

It imposes a variety of data security standards on financial institutions. These regulations apply to a specific sort of data known as “consumer” or “non-public personal information.”

The Safeguards Rule, enacted in compliance with GLB, requires businesses to “develop, implement, and maintain a detailed information security program” that includes administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of customer data. The Safeguards Rule applies to all non-public personal information (NPI), including exchanging NPI with other parties, providing consumers with privacy notifications, and protecting NPI from unwanted access.

Although the Safeguards Rule is not prescriptive, it does outline five essential components of an effective information security program:

  1. appointing one or more workers to coordinate the program;
  2. carrying out risk evaluations;
  3. putting in place protections to address risks highlighted in risk assessments;
  4. service provider management; and
  5. program evaluation and adjustment in response to major changes in the financial organizations[5].

2. The Health Insurance Portability and Accountability Act

HIPAA is a federal law concerned with the portability and accountability of health insurance. The HIPAA Security Rule, which pertains to electronic protected health information (ePHI), specifies steps that covered entities and their service providers must take to protect the integrity of ePHI, to protect against any reasonably anticipated threats or hazards to the security or integrity of ePHI, and to protect against any reasonably anticipated uses or disclosures of ePHI. The Security Rule, unlike other US information security legislation, is highly prescriptive and specifies precise administrative, technical, and physical precautions.

3. Fair Credit Reporting Act (FCRA)

The Fair Credit Reporting Act (FCRA) governs the collection and use of credit-related information about consumers. The FCRA and its implementing regulations oversee the operations of three types of entities: credit reporting agencies (CRAs), entities that provide information to CRAs, and individuals who use credit reports issued by CRAs.

In contrast to HIPAA or GLBA, there are no privacy rules in FCRA that require companies to offer notice to consumers or acquire their opt-in or opt-out consent before collecting their data or sharing it with third parties[6]. Furthermore, there are no data security measures in the FCRA that require entities to maintain safeguards to protect customer information from unauthorized access. Rather, the FCRA’s regulations generally focus on ensuring that consumer information supplied by CRAs and furnishers is accurate and utilized only for legal purposes.

4. State laws governing information security

Several US states, including California, have laws that enforce general information security standards on organizations that store personal information. According to California law, organizations that hold or license personal information on California residents must develop and maintain appropriate security measures and practices to safeguard the information from unauthorized access, destruction, use, modification, or disclosure[7]. Furthermore, organizations that provide personal information to unaffiliated third parties must legally obligate those companies to maintain acceptable security safeguards.

V. Conclusion

Over the course of the twentieth century, the constitutional “right to privacy” evolved, but this right often protects only against government invasions and does nothing to protect the average internet user from private actors. In general, US privacy regulations do not put direct constraints on an organization’s keeping of personal details.

There are, nevertheless, thousands of federal and state records retention regulations that place particular obligations on how long an organization may maintain data, many of which involve records including personal information. There may have been numerous adjustments made to the privacy law, but it still has certain gaps that need to be filled.


[1] ‘10 Reasons Why Privacy Rights Are Important’ (Human Rights Careers), accessed 26 August 2021

[2] ‘Privacy Act Of 1974’, accessed 26 August 2021

[3] 5 U.S.C. ch. 5 § 552a

[4] Kaur N, ‘Right to Privacy in The United States of America’ (2018), accessed 26 August 2021

[5] Jay R, ‘Data Protection & Privacy 2015, United States, Getting The Deal Through’, accessed 26 August 2021

[6] Mulligan S, Freeman W, and Linebaugh C, ‘Data Protection Law: An Overview’ (2019) R45631 Congressional Research Service, accessed 26 August 2021

[7] Jay R, ‘Data Protection & Privacy 2015, United States, Getting The Deal Through’, accessed 26 August 2021
