US Privacy Resources || US Privacy Rules | US Privacy Laws | US Privacy Regulations

Welcome! Please comment and leave me a note telling me what you like and what you'd like to see more of. Sign up to my RSS Feed!

Links to Privacy Laws


As of November 11, 2011ce, The Page on Breach notification laws have moved to

US Federal Privacy Laws (USA is a member, OECD and a member, CPEA. The US has also ratified CE ETS 185)

  1. Children’s Online Privacy Protection Act (COPPA)
    1. Federal Trade Commission’s Final COPPA Rule(PDF)
      1. DECEMBER 2011 Request for comments on further COPPA Rules (PDF)
  2. Communications Assistance for Law Enforcement Act (CALEA)
  3. Depart of Defense Directive 5400.11.R – Privacy Program(May 14, 2007 edition) (PDF)
    1. Defense Privacy Office
  4. Electronic Communications Privacy Act (ECPA)
  5. Fair Credit Reporting Act(FCRA, PDF)
    1. As Amended by the Fair and Accurate Credit Transactions Act of 2003 (FACT)
    2. Federal Trade Commission’s Red Flag Rule (PDF)
  6. Family Educational Rights and Privacy Act(FERPA, The Buckley Amendment)
    1. US Department of Education Final Rule (PDF)
    2. Protection of Pupil Rights Amendment (PPRA)
    3. No Child Left Behind Act (PDF)
  7. Genetic Information Nondiscrimination Act 2008 (GINA, PDF)
    1. Proposed rule making genetic information covered under PII, HIPAA, and HITECH (PDF)
  8. Gramm-Leach-Bliley Act(GLBA)
    1. Federal Trade Commission’s Final Financial Privacy Rule (PDF)
    2. Federal Trade Commission’s Final Safeguards Rule (PDF)
  9. Health Insurance Portability and Accountability Act (HIPAA, PDF)
  10. HITECH Act (Notice: I could not find it consolidated and called out anywhere, so had to create it myself, PDF)
  11. Safe Harbor Guidelines from the US Department of Commerce
  12. Video Privacy Protection Act (VPPA)

Organizations’ Privacy Law Models and Resources

  1. American Institute of Certified Public Accountants (AICPA)
    1. Generally Accepted Privacy Principals (GAPP)
  2. Association of Computing Machinery (US-ACM)
    1. Policy Recommendations on Privacy
  3. Digital Due Process Coalition
  4. Electronic Frontier Foundation (EFF)
  5. International Association of Privacy Professionals (IAPP)
  6. National Association of Insurance Commissioners (NAIC, US)
    1. Model Law of Privacy of Consumer Financial and Health Information Regulation
  7. Online Privacy Alliance
    1. Guidelines for Effective Privacy Policies



US States’ Privacy Laws and US States’ Breach Laws

(note: in many States privacy laws include references to mandatory breach disclosure laws. In some, the same law covers both, at least partially)

  1. Alabama
    1. None Found
  2. Alaska
    1. Personal Information Protection Act (PDF)
  3. Arizona
  4. Arkansas
    1. Personal Information Protection Act (AR-PIPA)
  5. California
    1. Financial Information Privacy Act (C-FIPA)
    2. Security of Personal Information – Civil Code section 1798.81.5.
    3. RFID Privacy Law (SB 31, prohibits “skimming”)
    4. ‘Anti-Paparatzi’ Law (AB 2479)
    5. California Office of Privacy Protection
      1. Standards of Private Information Protection
    6. Decisions:
      1. California Supreme Court: Zip Code is Personal Information
  6. Colorado
    1. Privacy of Health Information
  7. Connecticut
    1. Confidentiality of Social Security Numbers
  8. Delaware
  9. Florida
  10. Georgia
  11. Hawaii
  12. Idaho
  13. Illinois
    1. Personal Information Protection Act
  14. Indiana
    1. Indiana Public Law 137 (HB 1121): ID Theft and Breach Notification
  15. Iowa
  16. Kansas
    1. Breach of Privacy
    2. Protection of Consumer Information Law
  17. Kentucky
  18. Louisiana
  19. Maine
    1. Act To Prevent Predatory Marketing Practices against Minors
    2. Notice of Risk to Personal Data Law
  20. Maryland
  21. Massachusetts
    1. Title XV, Chapter 93H: Security Breaches
    2. Decisions:
      1. Massachusetts Supreme Court: Zip Code is Personal Information
  22. Michigan
    1. Identity Theft Protection Act (Act 459)
  23. Minnesota
  24. Mississippi
  25. Missouri
  26. Montana
    1. Impediment of Identity Theft Law
  27. Nebraska
  28. Nevada
    1. Security of Personal Information
    2. Privacy (2nd law) Current
    3. Privacy (2nd law) as of January 2010 (PDF)
  29. New Hampshire
    1. Medical (Prescription) Law
  30. New Jersey
  31. New Mexico
    1. Abuse of Privacy Law
  32. New York
    1. Personal Privacy Protection Law
    2. Internet Security and Privacy Act (NY-ISPA)
    3. Employee Privacy Protection Act
    4. New York State Social Security Number Law
    5. Link to New York State Consumer Protection Board Information Privacy page
  33. North Carolina
    1. Identity Theft Protection Act (75-2a)
  34. North Dakota
  35. Ohio
  36. Oklahoma
  37. Oregon
    1. Oregon Consumer Identity Theft Protection Act
  38. Pennsylvania
  39. Puerto Rico
    1. Citizen Information on Data Banks Security Act (Title 10, Section 3, Chapter 310, section 4051 et seq.)
  40. Rhode Island
    1. Identity Theft Protection
  41. South Carolina
    1. Consumer Identity Theft Protection 37-20
  42. South Dakota
  43. Tennessee
    1. Tennessee Identity Theft Deterrence Act
  44. Texas
    1. HB 1262 – Chapter 501
    2. SB11 (Medical)
    3. Note: Texas has a very wide range of laws governing Privacy. Generally, SB11, and now HB2004 are known as the Texas Privacy Laws, even though they both mainly deals in Health Care data.
  45. Utah
    1. Notice of Intent to Sell Personal Information Act
    2. Protection of Personal Information Act
    3. Consumer Credit Protection Act (includes SB69)
  46. Vermont
    1. Protection of Personal Information
  47. Virginia
  48. Virgin Islands (including Saint Croix, Saint John, Saint Thomas, Water Island)
  49. Washington
    1. RFID Privacy Law (HB 1031)
    2. RFID Privacy Law 2 (HB 2729 relating to documents)
  50. Washington DC
  51. West Virginia
  52. Wisconsin
    1. Wisconsin Office of Privacy Protection
  53. Wyoming
    1. Consumer Protection Act (SF53)
  54. Other USA Territories
    1. American Samoa
    2. Baker Island
    3. Bajo Nuevo Bank
    4. Guam
    5. Howland Island
    6. Jarvis Island
    7. Johnston Atoll
    8. Kingman Reef
    9. Kwajelein Atoll
    10. Republic of the Marshall Islands Free Association (See International Page)
    11. Micronesia Free Association (See International Section, below)
    12. Midway Atoll
    13. Navassa Island / La Navase / Lanavazr / Lavash
    14. Northern Mariana Islands
    15. Palmyra Atoll
    16. Republic of Palau Free Association (See International Page)
    17. Serranilla Bank
    18. Wake Islands


Thank you for looking at this page of US and States privacy-related laws. For International Privacy Laws, please see this page.

One thought on “US Privacy Resources || US Privacy Rules | US Privacy Laws | US Privacy Regulations

  1. Pingback: Tea Party Switching Flavors: New Version for MASS 201 CMR 17:00 : Intelligent Business Security | The Security Blog

Comments are closed.