Some of the more notable privacy laws that have been enacted in the United States are briefly touched on below.
The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996. HIPAA is also known as the Kennedy-Kassebaum Health Insurance Portability and Accountability Act (HIPAA-Public Law 104-191), effective August 21, 1996. The basic idea of HIPAA is that an individual who is a subject of individually identifiable health information should have:
- Established procedures for the exercise of individual health information privacy rights.
- The use and disclosure of individual health information should be authorized or required.
One difficulty with HIPAA is that there must be a mechanism to authenticate the patient who demands access to his/her data. As a result, medical facilities have begun to ask for Social Security Numbers from patients, thus arguably decreasing privacy by simplifying the act of correlating health records with other records. The issue of consent is problematic under HIPAA, because the medical providers simply make care contingent upon agreeing to the privacy standards in practice.
The Fair Credit Reporting Act applies the principles of the Code of Fair Information Practice to credit reporting agencies. The FCRA allows individuals to opt out of unwanted credit offers:
- Equifax (888) 567-8688 Equifax Options, P.O. Box 740123 Atlanta GA 30374-0123.
- Experian (800) 353-0809 or (888) 5OPTOUT P.O. Box 919, Allen, TX 75013
- TransUnion (800) 680-7293 or (888) 5OPTOUT P.O Box 97328, Jackson, MS 39238.
The Fair Credit Reporting Act has been effective in preventing the proliferation of specious so-called private credit guides. Before 1970,[when?] private credit guides offered detailed, if unreliable, information on easily identifiable individuals. Before the Fair Credit Reporting Act, salacious unsubstantiated material could be included – and in fact, gossip was widely included in credit reports. EPIC has a FCRA page. The Consumer Data Industry Association, which represents the consumer reporting industry, also has a website with FCRA information.
The Fair Credit Reporting Act provides consumers the ability to view, correct, contest, and limit the uses of credit reports. The FCRA also protects the credit agency from the charge of negligent release in the case of misrepresentation by the requester. Credit agencies must ask the requester the purpose of a requested information release, but need to make no effort to verify the truth of the requester's assertions. In fact, the courts have ruled that, "The Act clearly does not provide a remedy for an illicit or abusive use of information about consumers" (Henry v Forbes, 1976). It is widely believed that in order to avoid the FCRA, ChoicePoint was created by Equifax at which time the parent company copied all its records to its newly created subsidiary. ChoicePoint is not a credit reporting agency, and thus FCRA does not apply.
The Fair Debt Collection Practices Act similarly limits dissemination of information about a consumer's financial transactions. It prevents creditors or their agents from disclosing the fact that an individual is in debt to a third party, although it allows creditors and their agents to attempt to obtain information about a debtor's location. It limits the actions of those seeking payment of a debt. For example, debt collection agencies are prohibited from harassment or contacting individuals at work. The Bankruptcy Abuse Prevention and Consumer Protection Act of 2005 (which actually gutted consumer protections, for example in case of bankruptcy resulting from medical cost) limited some of these controls on debtors.
The Electronic Communications Privacy Act (ECPA) establishes criminal sanctions for interception of electronic communication. However, the legislation has been criticized for lack of impact due to loopholes.