The United States has witnessed one of the sharpest rises in internet penetration in the last two decades, with the number of internet users in the country crossing 313 million. Along with this expansion in the digital footprint, concerns related to data breaches, fraud, and privacy have gained ground. Reports of data breaches at popular sites like Yahoo have raised concerns among people about sharing their personal details on various online portals.
What Does the Public Feel?
According to a survey, six in ten US adults feel that data collection by companies or government has become a part of their daily life. A majority of the public believes that the potential risks associated with data collection far outweigh the benefits. But even as a large section of people show concern about digital privacy, they are not diligent in reading privacy policies and terms of usage. Such a situation requires the presence of effective laws that give the public:
- The right to see what data is being collected on them
- The right to request companies to delete the collected data
- The right to tell companies not to sell or share their data with third parties
With the number of data breaches crossing 1000 during 2020 and 155 million people affected by them, there is an urgent need for laws that cover data privacy rights as well as penalties and punishments for those misusing public information. Has the US put in place laws that cover data privacy, especially internet privacy? Let us find out.
Data Privacy Laws in the US
The US does not have a law that covers the privacy of all types of data. Instead, several laws deal with some aspects of the privacy issues being faced by the public:
- The US Privacy Act of 1974 – This is one of the oldest laws related to data privacy and contains important rights and restrictions on the data held by US government agencies. The act specifies that the agencies should collect only relevant and necessary information. It also restricts access to data on a need-to-know basis while barring the sharing of information between other federal and non-federal agencies.
- The Health Insurance Portability and Accountability Act, 1996 – This act includes data privacy and security provisions. The law allows the healthcare provider to use patient data only for treatment and healthcare operations. The use of information for marketing purposes requires explicit authorization, the law states.
- The Children’s Online Privacy Protection Act or COPPA, 2000 – This act specifically prohibits online companies from asking for personal information from children aged 12 and below without verifiable parental consent. This includes information related to their names, email addresses, video chat names, photographs, audio files, and geo coordinates.
- The Gramm-Leach-Bliley Act or GLBA – This banking and financial law outlines the protection of any information collected about an individual for the provision of a financial product or service.
- The Family Educational Rights and Privacy Act (FERPA) – This law covers who can request student education records.
- The ECPA or the Electronic Communications Privacy Act – This act restricts government wiretaps on telephone calls and electronic signals. The law is considered outdated as it does not protect against modern surveillance tactics.
- The Federal Trade Commission Act or the FTC – This law allows the investigation of an app or website that violates its own privacy policy.
- The Computer Fraud & Abuse Act (CFAA) 1986 – This law covers certain computer-related activities that involve unauthorized access to a computer to obtain information, defraud, or transmit harmful items.
- Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) 2003 – This act covers issues related to the sending of unsolicited commercial emails and prohibits misleading header information and subject lines. The law also calls for the disclosure of certain information by senders, along with a valid opt-out mechanism. It also calls for civil and criminal penalties for violators.
- Fair and Accurate Credit Transactions Act (FACTA) 2003 – This requires financial institutions and creditors to have written identity theft prevention programs.
Consumer Privacy Laws in California, Colorado, and Virginia
The comprehensive data privacy laws in the states of California, Colorado, and Virginia apply only to the people living in these states. The provisions of these laws state that a company operating under these regulations must inform users if it is selling their data and seek their permission for the same. The California state law is one of the strongest in the US as it includes a limited private right of action, which is the ability to sue a company over certain types of data breaches.
The California law also requires companies to provide a global opt-out option that allows people to remove themselves from data sharing through a browser or a device. This does away with the need to opt out from each site individually.
Apart from these national laws, states like Missouri have ebook privacy rules. The state of Illinois has the Biometric Information Privacy Act or BIPA, which provides privacy rights to people over their biometric data.
But what is required for the safety of public data is a comprehensive law that offers basic data protection and enforcement against harmful data mining. Until such a law arrives, the public needs to be aware and cautious in reading the privacy policies and terms and conditions of the services that they use.