Federal privacy laws generally pertain to the expectation of a nation's citizens that their personal information and activities be protected. Most federal privacy laws were written as a guide for how financial transactions, health records and the communications behavior of citizens are secured and shared. Some of the key federal privacy laws passed in the United States, for example, include the Health Information Portability and Accountability Act (HIPAA), Children's Online Privacy Protection Act (COPPA), the Electronic Communications Privacy Act and the Financial Modernization Act of 1999.
The HIPAA Privacy Rule, passed in the U.S. legislature in 1996, maintains the privacy of medical records. HIPPA requires entities that are covered by this federal legislation to not disclose a patient’s medical history and current care without that patient’s knowledge and approval. The entities covered by this law include health insurance corporations, health care facilities and repositories in charge of collecting and disseminating health information.
A general rule before a covered entity can disclose personal health information is to inform the patient. Once informed, the patient must also give permission to allow sharing of health records. Typically, a patient also has a right to expect that health information held by those entities is maintained in a secure environment, particularly when the medical information is in an electronic medium.
Some federal privacy laws are also enforced to protect Internet privacy of children. In 1998, the U.S. Congress passed COPPA to protect children who are 12 years old or younger. The purpose of COPPA is to require online companies that market to children notify parents when private information is collected. Parents typically must consent to this collection of information before it is used in business practices. This privacy law also gives parents the right to view the information to guard against discrepancies or misuse.
With the Electronic Communications Privacy Act of 1986, U.S. federal privacy laws related to wiretapping was given clearer definitions on expectations of privacy. Communications considered privileged was expanded to include newer forms of electronic communications. Also, the restrictions placed on how communications are transmitted before qualifying for legal protection was changed with this law.
After the terrorist attacks on September 11, 2001, the U.S. Congress passed the Patriot Act. This law expanded the government’s right to access financial transactions and personal communications of persons suspected of engaging in terrorist activities. Some believe that the Patriot Act imposes on privacy rights, but is needed to protect national security.
Whenever a person conducts business with a financial institution, personal information such as employment history, income and previous residences is often collected. In the U.S., the Financial Modernization Act of 1999 was passed to protect the privacy rights on how this information is shared. Known also as the Gramm-Leach-Bliley Act, this privacy law has two specific rules that financial institutions and other entities marketing products and services to a person are expected to follow. The financial privacy rule requirement protects a person’s right to know how personal information is collected and if that information is shared with other institutions. Generally, entities are also required to have security measures in place to protect this information and prevent illegal access to personal data.