Federal Privacy Act of 1974: This law was established in 1974 to ensure that government agencies protect the privacy of individuals and businesses with regard to information held by them, and to hold these agencies liable for any release of information without proper authorization.
Economic Espionage Act of 1996 (EEA): The Economic Espionage Act is a very powerful law that helps enforce the proper handling of information. It is the first Federal law that defines and severely punishes misappropriation and theft of trade secrets. However, according to this Act, the government will only protect companies that take “reasonable measures” to safeguard their information.
HIPAA: The Health Insurance Portability and Accountability Act requires healthcare organizations and businesses with group health plans to protect the confidentiality and security of healthcare information. This includes Protected Health Information (PHI) and Personally Identifiable Information (PII). Punishment for violations falls under three main categories: criminal penalties, civil monetary penalties, and sanctions. Penalties range from $1,000 per violation to a maximum of $50,000 per violation with an annual max of $1.5 million.
HITECH: The Health Information Technology for Economic and Clinical Health Act promotes the adoption of health information technology, and includes a strong privacy and security element that strengthens the civil and criminal enforcement of HIPAA rules. One more change is to remove a ban on penalties if the covered entity did not know of, or exercise reasonable diligence to have known of, its violations of HIPAA privacy requirements – i.e., not knowing that you’ve violated HIPAA isn’t a defense against penalties. HITECH penalties range from $100 per violation to $50,000 per violation.
FERPA: The Family Educational Rights and Privacy Act is a Federal privacy law that gives parents certain protections with regard to their children’s education records, such as report cards, transcripts, disciplinary records, contact and family information, and class schedules. A potential penalty is the loss of Federal funding.
FACTA: The Fair and Accurate Credit Transactions Act protects consumers’ personal and financial records, and requires businesses to properly dispose of information in consumer reports and protect against unauthorized access to this information. Penalties start at $1,000 per violation and include actual and punitive damages. Proper disposal methods are to burn, pulverize, or shred covered records. FACTA covers lenders, insurers, automotive dealers, attorneys, and employers, among others.
FTC Disposal Rule: The Federal Trade Commission’s Disposal Rule requires businesses that receive consumer report information – mostly from background checks – to securely dispose of this sensitive information. Originally created to implement the Fair and Accurate Credit Transactions Act of 2003 (FACTA), the Disposal Rule is currently open for public review as the FTC prepares to expand the scope of the Rule to include “aggregate information or information that can be reasonably linked to an individual”.