USA LAW AND PRACTICE Contributed by: Nancy Libin, David Rice, Spencer Persson, Michael Borgia, Robert Stankey, Kara Trowell and Alexander Sisto, Davis Wright Tremaine LLP
1. Legal and Regulatory Framework 1.1 Overview of Data and Privacy- Related Laws Data privacy is regulated in the US by various legal authorities, including the US Constitution, federal and state statutes and regulations, and local law. US Constitution The First Amendment, in some circumstances, protects people’s right to speak or engage in other protected activities anonymously, and the Fourth Amendment requires law enforcement, when investigating a crime, to obtain a war - rant, issued by a judge or magistrate based on a showing of “probable cause” that specifically identifies the places to be searched or the things to be seized. Federal Statutes Federal statutes regulate data privacy in cer - tain sectors, and the Federal Trade Commission (FTC), which is the principal federal privacy reg - ulator, also has authority to bring enforcement actions related to data privacy and security. General consumer protection The FTC uses Section 5 of the FTC Act, which prohibits unfair or deceptive acts or practices in or affecting commerce, to bring enforcement actions against companies with regard to their privacy and security practices. Financial institutions and monetary affairs The Fair Credit Reporting Act (FCRA) governs data used to evaluate consumers for extension of credit, employment, insurance and certain other matters.
The Gramm-Leach-Bliley Act (GLBA) and the Safeguards Rule govern protection of non-public consumer personal information and disclosures by certain financial institutions to third parties. The Right to Financial Privacy Act imposes cer - tain data privacy obligations on particular finan - cial institutions. Children’s privacy The Children’s Online Privacy Protection Act (COPPA) regulates online collection, use and disclosure of personal information from chil - dren under the age of 13, and generally requires notice and verifiable parental consent before doing so. Education privacy The Family Educational Rights and Privacy Act governs access, use and disclosure of “educa - tion records” and students’ personally identifi - able information. Health information The Health Insurance Portability and Account - ability Act (HIPAA) regulates health information privacy and security, but applies only to certain “covered entities” and, in some cases, covered entities’ service providers, known as “business associates”. The Confidentiality of Substance Use Disorder Patient Records rule regulates substance use disorder records generated by certain federally conducted or assisted programmes. Communications and media The Cable Act prohibits cable operators’ dis - closure of personally identifiable information of subscribers to cable and other services, unless authorised by the Act or by specific court orders
523 CHAMBERS.COM
Powered by FlippingBook