History of Federal Data Privacy Regulations in the US

January 21, 2022 at 3:09 pm by Paul Falcone


Throughout history, the United States has passed quite a few different laws to protect privacy for its citizens. Generally, the laws focus on protecting one specific aspect of privacy, but they cover all bases on that one aspect. With the growing of the digital age, it is important to wonder if the United States is doing a good enough job keeping up with cybersecurity and data privacy.

  • 4th Amendment

One of the first privacy laws the United States passed was the 4th Amendment, which protects people from unlawful searches. While the 4th Amendment protects people from physical and apparent searches, it has encountered problems protecting people in the digital age.

  • Fair Credit Reporting Act (FCRA) 1970

The FCRA protects citizens from their consumer reporting agencies files being used against them. It prevents the use of information in their file being used without their knowledge and it allows a person to know what is in their file. The FCRA also allows a person to dispute inaccuracies and forces agencies to delete false or inaccurate information as well as incomplete information.

  • US Department of Health, Education, and Welfare (HEW) 1973 Computers and the Rights of Citizens

HEW is a report that was focused on the growing use of computers, and how that could impact the future of data keeping and protection. It focused on consequences of using automated personal data systems, how to stop those consequences, and policy for social security numbers.

  • Privacy Act of 1974

The Privacy Act of 1974 was a turning point in data privacy and security. It protects information that would be retrieved by an individual through their name or any other personally identifiable mark, and prevents said information from being disclosed without written consent of the individual in question. The Privacy Act of 1974 is the biggest step the United States took for data privacy, and paved the way for more specific data privacy laws in the future.

  • Federal Educational Rights and Privacy Act (FERPA) 1974

FERPA protects educational information from being disclosed. Essentially, the Act prohibits schools from sending out information to just anyone. Parents are allowed access to the educational info, but once the student turns 18 and continues schooling beyond high school, the rights transfer to the student. There are of course, certain people to whom the schools can send information, but they are all either financial, for the good of the student’s education, or for legal purposes. Schools can disclose certain information, such as name and date of birth of a student, but to do so, they must contact said student beforehand and give them a reasonable amount of time to request it not be shared.

  • Right to Financial Privacy Act (RFPA) 1978

RFPA protects the financial privacy of people. Essentially, it does not allow anyone to view financial information of a person without the person being notified and given a chance to object. In the words of this law, a “person” is judged to be an individual or a partnership of five or less. In other words, it does not extend to corporations or large partnerships.

  • Video Privacy Protection Act of 1988 (VPPA)

The VPPA protects from the disclosure of rental records of “prerecorded video cassette tapes or similar audio visual material.” Effectively, it means that without written consent or a valid warrant, no one can get the information of what a person has rented in the past.

  • The Gramm-Leach-Bliley Act of 1999 (GLBA)

GLBA ensures that financial institutions explain their information sharing processes with a customer. It also makes them safeguard sensitive information. A financial institution constitutes a company that deals in the business of loans, investment advice, or insurance.

  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA protects the health information of individuals. It forces the protection and integrity of health information and it expects institutions to protect against expected anticipated threats against the security of the info as well as illegal disclosure.

  • Driver’s Privacy Protection Act of 1994 (DPPA)

The DPPA protects the information held by any state DMV. It disallows the use or release of personal info obtained from any department in relation to a motor vehicle. The information covered by this act includes name, address, SSN, phone number, and other personal effects. It does not cover traffic violations, accidents, or license status.

  • Children’s Online Privacy Protection Act of 1998 (COPPA)

COPPA protects children’s privacy from being collected or used. A child is defined as being under the age of 13. It requires the consent of a parent for the information of a child to be taken or used. This act works specifically for websites and online services that were targeted at children.

  • Federal Information Security Management Act of 2002 (FISMA)

FISMA is effectively the government protecting its own cybersecurity. This act was the government acknowledging the importance of cybersecurity. It has since been replaced by the Federal Information Modernization Act of 2014, which is commonly referred to as FISMA reform or FISMA2014.

  • Fair and Accurate Credit Transactions Act of 2003 (FACTA)

FACTA provides consumers with more accurate credit related records and entitles them to one free credit report per year from the three credit reporting agencies — Experian, Equifax, and TransUnion. It also grants consumers the ability to purchase additional credit reports for a reasonable price.

  • Telephone Records and Privacy Protection Act of 2006 (TRPPA)

TRPPA prevents pretexting to buy or sell personal phone records. It should be noted that it does not affect information agencies or law officials. Pretexting refers to the imitation or impersonation of someone else in order to gain personal information.

  • State Laws and Federal Mandate

As it currently stands, many of the states have their own specific data privacy laws. Some states have more protection than others. For instance, Massachusetts have passed more data security laws than Tennessee, which has stayed closer to the federal laws alone.

In the current age we live in, data security is a rising problem. As technology improves, more personal information becomes digital, and more security is needed. There needs to be a federal mandate causing the states to all have stronger cybersecurity, as in this current day and age, it is required to be 100% certain that personal information is well protected. Furthermore, if all the states have different laws, companies will not be able to comply with all of them, and will end up not doing business in the United States.

 The United States has consistently been putting out laws to protect privacy and enforce cybersecurity, and with the way history has been, it is safe to assume that they will continue to do so into the future. The next step would logically be the United States releasing a federal mandate to standardize the data privacy laws for all states.

In-Depth Guide to Meeting Federal Data Destruction Regulatory Compliance

January 29, 2021 at 3:28 pm by Amanda Canale

Data security encompasses all aspects of information protection and has been an integral part of federal policy since the Social Security Act of 1934 made it illegal to disclose an individual’s social security number and personally identifiable information (PII). Since then, numerous federal programs and processes specific to the privacy and security of personal, financial, health, and intelligence information have been instituted.

Click the button below for an instant download.

Data Security and Decommissioning in a 5G and Streaming World

at 3:05 pm by Amanda Canale

For consumers of digital media and content creators, the 5G rollout is exciting news. For businesses that store and handle data, however, this transition will present some costly, high security risk challenges. Planning now can protect the future of consumers, data centers, and individual companies that host their data in data centers as the transition to the future begins.

Click the button below for an instant download.

Best Practices in Drafting a Data Decommissioning Policy

at 2:40 pm by Amanda Canale

The amount of data that a company, agency, or individual possesses will continue to exponentially grow as time marches forward. When drives reach their end-of-life through failure, technological obsolescence, or routine upgrade, organizations are faced with several choices on how to dispose of that data securely.

Click the button below for an instant download.

Complying with the New CUI Paper Destruction Mandate While Meeting Federal Sustainability Goals

January 28, 2021 at 8:44 pm by Amanda Canale

This new ISOO directive will redefine what it means to keep CUI data, and ultimately the American people, safe. While executive branches and agencies continue to move towards federally mandated and private sustainability goals, as well as update existing equipment to meet the new CUI standards, it is important to know that systems exist that can assist in meeting both targets in a cost-effective manner with the same end-of-life system. 

Click the button below for an instant download.

A Kind Note from the U.S. Military

November 4, 2020 at 2:37 pm by Amanda Canale

“We have (and use) three of your shredders – all are rock-solid reliable, and an invaluable part of what we do.  Indeed, we can’t do without them.”

—Don W., U.S. Military Client

A Note on Dave Carroll, Sr. Service Technician

September 21, 2020 at 2:37 pm by Amanda Canale
Dave Carroll, Sr. Service Technician

“Dave was exceptional! From the moment we met, he was very professional, friendly, and very easy to work with. We had issues with our disintegrator and Dave worked through everything to make sure we were up and running again. Dave walked me through the entire disintegrator and briquettor and he explained how everything worked in great detail. He showed me what he was doing and why. When asked if he was going to lunch, he replied that he was going to work through lunch to get us up and running — and he did! We hope that Dave is recognized by your company for his exceptional professionalism, work ethic, and commitment to getting the job done.”

—Federal Client 

A Note on Jonathan Eastridge, Field Service Manager

at 2:34 pm by Amanda Canale

“Mr. Eastridge quickly identified the issue with our disintegrator by narrowing it down to a loose wire on the starter.  He also performed a superb job of knocking out the PM, swapping out the blades, and educating our members. Thank you for the exceptional service you’ve provided!”

—Federal Client 

A Note on Phillip Ayers, Service Technician

September 3, 2020 at 1:28 pm by Amanda Canale
Phillip Ayers, Service Technician

“Phillip interacted perfectly with the site, myself, security screeners, disk technicians. Absolutely silk. He did a magnificent job of telling us what was going on if he needed anything, he kept us going with simple status updates and worked with our Technician to get machines in and out of the room. Phillip was genuinely invested in the work and wanted to be sure that it was done correctly. He wanted to be sure the customer was satisfied and I could see the pride he had in his job. SEM took the site from limping along at about 50 percent up to 100% in a matter of four days. Phillip was clean cut, on time, obviously early to bed and early to rise. He showed great respect to our company. I can’t come up with anything that SEM could have done better. As you can tell, I am a big SEM fan.”

—Commercial Client