US Privacy Resources || US Privacy Rules | US Privacy Laws | US Privacy Regulations

August 28th, 2010 Leave a comment Go to comments
Welcome! Please comment and leave me a note telling me what you like and what you'd like to see more of. Sign up to my RSS Feed!

Links to Privacy Laws

 

 

 

 

 

 

US Federal Privacy Laws and US Federal Breach Laws (USA is a member, OECD and has ratified CE ETS 185)

  1. Children’s Online Privacy Protection Act  (COPPA)
    1. Federal Trade Commission's Final COPPA Rule (PDF)
  2. Communications Assistance for Law Enforcement Act (CALEA)
  3. Depart of Defense Directive 5400.11.R -  Privacy Program (May 14, 2007 edition) (PDF)
    1. Defense Privacy Office
  4. Electronic Communications Privacy Act (ECPA)
  5. Fair Credit Reporting Act (FCRA, PDF)
    1. As Amended by the Fair and Accurate Credit Transactions Act of 2003 (FACT)
    2. Federal Trade Commission's Red Flag Rule (PDF)  (DELAYED UNTIL NOVEMBER 1st 2009)
  6. Family Educational Rights and Privacy Act (FERPA, The Buckley Amendment)
    1. US Department of Education Final Rule (PDF)
    2. Protection of Pupil Rights Amendment (PPRA)
    3. No Child Left Behind Act (PDF)
  7. Genetic Information Nondiscrimination Act 2008 (GINA, PDF)
    1. Proposed rule making genetic information covered under PII, HIPAA, and HITECH  (PDF)
  8. Gramm-Leach-Bliley Act (GLBA)
    1. Federal Trade Commission's Final Financial Privacy Rule (PDF)
    2. Federal Trade Commission's Final Safeguards Rule (PDF)
  9. Health Insurance Portability and Accountability Act (HIPAA, PDF)
  10. HITECH Act (Notice: I could not find it consolidated and called out anywhere, so had to create it myself, PDF)
    1. HITECH Breach Notification Guidance and Request for Public Comment (From the US Department of Health and Human Services, PDF)
  11. Federal Trade Commission's Health Breach Notification FINAL Rule (PDF)
  12. Safe Harbor Guidelines from the US Department of Commerce

 

Organizations'  Privacy Law Models and Resources

  1. American Institute of Certified Public Accountants (AICPA)
    1. Generally Accepted Privacy Principals (GAPP)
  2. Digital Due Process Coalition
  3. Electronic Frontier Foundation (EFF)
  4. International Association of Privacy Professionals (IAPP)
  5. National Association of Insurance Commissioners (NAIC, US)
    1.  Model Law of Privacy of Consumer Financial and Health Information Regulation (no link found)
  6. Online Privacy Alliance
    1. Guidelines for Effective Privacy Policies

 

 

US States' Privacy Laws and US States' Breach Laws

(note: in many States privacy laws include references to mandatory breach disclosure laws.  In some, the same law covers both, at least partially)

  1. Alabama
    1. None Found
  2. Alaska
    1. Personal Information Protection Act (HB 65 , breach Notification Law PDF)
  3. Arizona
    1. Breach Notification Law
  4. Arkansas
    1. Personal Information Protection Act (AR-PIPA)
      1. Breach Notification Law (Within the above)
  5. California
    1. Financial Information Privacy Act  (C-FIPA)
    2. Standards of Private Information Protection
    3. Confidential of Medical Information Act (including Breach Notification)
    4. RFID Privacy Law (SB 31, prohibits "skimming")
  6. Colorado
    1. Privacy of Health Information
      1. Breach Notification Law
  7. Connecticut
    1. Confidentiality of Social Security Numbers
    2. Breach Notification Law
  8. Delaware
    1. Breach Notification Law
  9. Florida
    1. Breach Notification Law
  10. Georgia
    1. Breach Notification Law
  11. Hawaii
    1. Breach Notification Law
  12. Idaho
    1. Breach Notification Law
  13. Illinois
    1. Personal Information Protection Act (Breach Notification Law)
  14. Indiana
    1. Indiana Public Law 137 (HB 1121):  ID Theft and Breach Notification
    2. Breach Notification Law 24.4.9
  15. Iowa
    1. Breach Notification Law
  16. Kansas
    1. Breach of Privacy
    2. Protection of Consumer Information Law (Including Breach Notification Law)
  17. Kentucky
    1. No Privacy Act
    2. No Breach Notification Law
  18. Louisiana
    1. Database Security Breach Notification Law (select Next Section to see all of the law’s provisions)
  19. Maine
    1. Act To Prevent Predatory Marketing Practices against Minors
    2. Notice of Risk to Personal Data Law (Including Breach Notification Law)
    3. Maine Public Law 161, modifying Breach Notification Law
  20. Maryland
    1. Security Breach Law (14-3504)
  21. Massachusetts
    1. Breach Notification Law (201 CMR 17:00)
    2. Note: 93H, often quoted as "the privacy law", only refers to Governmental entities.
  22. Michigan
    1. Identity Theft Protection Act (Act 459, Including Breach Notification Law)
  23. Minnesota
    1. Breach Disclosure Law
  24. Mississippi
    1. No Privacy Act
    2. No Breach Notification Law
  25. Missouri
    1. No Privacy Act
    2. Breach Notification Law (HB 62)
  26. Montana
    1. Breach Notification Law
    2. Impediment of Identity Theft Law (Including Security Breach)
      1. Computer Security Breach Law (Included in Above)
  27. Nebraska
    1. Breach of Security Law (87-803, Notification Law)
  28. Nevada
    1. Security of Personal Information
    2. Privacy (2nd law) Current
    3. Privacy (2nd law) as of January 2010 (PDF)
  29. New Hampshire
    1. Medical (Prescription) Law
  30. New Jersey
    1. Breach Notification Law
  31. New Mexico
    1. Abuse of Privacy Law
    2. No Breach Notification Law
  32. New York
    1. Personal Privacy Protection Law
    2. Internet Security and Privacy Act (NY-ISPA)
    3. Employee Privacy Protection Act
    4. New York State Social Security Number Law
    5. Link to New York State Consumer Protection Board Information Privacy page
    6. Breach Notification Law
  33. North Carolina
    1. Identity Theft Protection Act (75-2a, including Breach Notification)
  34. North Dakota
    1. Notice of Security Breach to Personal Information Law (PDF)
  35. Ohio
    1. Private Disclosure of Security Breach of Computerized Personal Information Data
  36. Oklahoma
    1. Security Breach Notification Act (PDF)
  37. Oregon
    1. Oregon Consumer Identity Theft Protection Act (Breach Notification)
  38. Pennsylvania
    1. Breach of Personal Information Notification Act (SB712, 73.2301)
  39. Puerto Rico
    1. Citizen Information on Data Banks Security Act (Title 10, Section 3, Chapter 310, section 4051 et seq.)
  40. Rhode Island
    1. Identity Theft Protection (including Breach Notification)
  41. South Carolina
    1. Consumer Identity Theft Protection 37-20
    2. Breach Notification Law § 39-1-90
  42. South Dakota
    1. No Privacy Act
    2. No Breach Notification Law
  43. Tennessee
    1. Tennessee Identity Theft Deterrence Act
  44. Texas
    1. HB 1262 – Chapter 501
    2. SB11 (Medical)
    3. HB 2004 (of 2009) – Security Breach Notification Law
    4. Note:  Texas has a very wide range of laws governing Privacy.  Generally, SB11, and now HB2004 are known as the Texas Privacy Laws, even though they both mainly deals in Health Care data.
  45. Utah
    1. Office of the Attorney General, Identity Theft Reporting System (IRIS)
    2. Notice of Intent to Sell Personal Information Act
    3. Protection of Personal Information Act
    4. Consumer Credit Protection Act (includes SB69, Breach Notification Law, Protection Law)
    5. Disclosure of System Security Breach (13-44-202)
  46. Vermont
    1. Protection of Personal Information (Including Breach)
    2. RFID Privacy Law (HB 691, Act 153, regulating use of RFID in official documents)
  47. Virginia
    1. Breach Notification Law (HB 1469 / SB 307)
  48. Virgin Islands (including Saint Croix, Saint John, Saint Thomas, Water Island)
    1. Disclosure of Breach of Security (2208, 2209)
  49. Washington
    1. Personal Information – Notice of Security Breaches 19.255
    2. RFID Privacy Law (HB 1031)
    3. RFID Privacy Law 2 (HB 2729 relating to documents)
  50. Washington DC
    1. Consumer Security Breach Notification (PDF)
  51. West Virginia
    1. Breach of Security of Consumer Information
  52. Wisconsin
    1. Wisconsin Office of Privacy Protection
    2. Notice of Unauthorized Acquisition of Personal information (This is a PDF of the entire 134 Chapter. Look for section 98)
  53. Wyoming
    1. Consumer Protection Act (SF53, Breach Notification, PDF)
  54. Other USA Territories
    1. American Samoa
    2. Baker Island
    3. Bajo Nuevo Bank
    4. Guam
    5. Howland Island
    6. Jarvis Island
    7. Johnston Atoll
    8. Kingman Reef
    9. Kwajelein Atoll
    10. Republic of the Marshall Islands Free Association (See International Page)
    11. Micronesia Free Association (See International Section, below)
    12. Midway Atoll
    13. Navassa Island / La Navase / Lanavazr / Lavash
    14. Northern Mariana Islands
    15. Palmyra Atoll
    16. Republic of Palau Free Association (See International Page)
    17. Serranilla Bank
    18. Wake Islands

 

Thank you for looking at this page of US and States privacy-related laws.   For International Privacy Laws, please see this page.