What Is Privacy Law?

July 30, 2019


Many transactions require the transfer of personal information that, when mishandled or misappropriated, can result in harm to consumers across the United States. For this reason, the federal government and many state governments enforce laws that regulate the collection, use, and storage of personal information. These so-called “privacy laws” can apply to healthcare, education, telecommunications, financial transactions, and much more. The intricate web of privacy laws in the U.S. can be difficult to understand, and not every company or entity complies with privacy laws, putting consumers at risk.

What does a Privacy Law Firm Do?

Privacy lawyers can take on many roles, both in the private and public sector. A private law firm can represent many types of clients, including consumers who suffered harm due to data breaches or other privacy law violations. Lawyers can oversee transaction involving sensitive information, help create policy, engage in litigation, and more. Some privacy law firms advise companies on compliance matters when it comes to how they handle sensitive information.

Anyone who has concerns about their personal information being compromised or other privacy law matters should not hesitate to contact an experienced privacy lawyer to discuss their rights and options.

Examples of Privacy-Related Laws

There have been many different federal statutes enacted that aim to protect personal information, and the following are only some examples:

    • The Federal Trade Commission Act (“FTC Act”) – This is the primary privacy statute that protects consumers when companies do not abide by the terms of their own privacy policies, causing harm to consumers who provided information.
    • The Fair Credit Reporting Act (“FCRA”) – This law dictates how companies may use credit card numbers and consumer reports without compromising the privacy and information of consumers.
    • The Health Insurance Portability and Accountability Act (“HIPAA”) – This is a commonly-known law that protects a patient’s healthcare and identifiable information collected and stored by healthcare providers.
    • The Children’s Online Privacy Protection Act (“COPPA”) – This statute governs the privacy of data collected from minors younger than age 13 by mobile apps, commercial websites, and other online services, including video games.
    • The Controlling the Assault of Non-Solicited Pornography and Marketing Act (“CAN-SPAM Act”) – This law regulates when companies can send unsolicited marketing and commercial emails to consumers.
    • The Gramm-Leach-Bliley Act (“GLBA”) – This protects the personal information that consumers may need to provide to financial institutions.

The above are all examples of federal legislation that applies to all 50 states. While violations of these laws can result in civil penalties, many of these laws do not have provisions granting consumers the right to take individual action against a company.

Many state legislatures have enacted their own privacy laws, while others simply abide by the federal law. The current relevant law in Virginia is the Personal Information Privacy Act, while different laws in the District of Columbia protect the confidentiality of personal information, as well as require notification for consumers about security breaches.

Changing Privacy Laws

In recent months, there has been a resurgence when it comes to data privacy laws, largely inspired by already passed legislation in California, Vermont, and the European Union (EU). Many other jurisdictions have followed suit and proposed legislation that strengthens protections for consumers, including:

      • Virginia
      • Washington, D.C.
      • Illinois
      • Connecticut
      • Hawaii
      • Louisiana
      • Massachusetts
      • Maine
      • Minnesota
      • North Dakota
      • New Hampshire
      • New Jersey
      • New York
      • Pennsylvania
      • Rhode Island
      • South Carolina
      • Texas
      • Washington
      • Puerto Rico

In Virginia, HB 2793 would impose stricter requirements for businesses that collect personal information, including the proper disposal of records when the information is no longer needed. Companies will also need to have reasonable security measures to protect collected sensitive information, and the law imposes cyber security standards for devices that connect to the internet.

The District of Columbia also proposed the Security Breach Protection Amendment Act of 2019, which seeks to strengthen and modernize D.C.’s privacy laws in line with developments in telecommunications and internet use. If passed, the new law would broaden the types of personal information that are protected, require companies to create safeguards for information protection, follow reporting guidelines for data breaches, and more.

The number of states considering many different types of stricter privacy laws is putting pressure on the federal government to potentially overhaul its fractured data privacy laws. Harmonized federal legislation would mandate consistent standards across the U.S., instead of having different requirements and compliance issues for each different state.

Privacy Law in the News

Many large companies are monetizing consumer information at unprecedented levels, and many consumers are unaware of how their information is being used or disseminated. Lately, many different major corporations have incurred extensive penalties or agreed to massive settlements due to the misuse of protected data. The following are only a few of the stories in recent news regarding privacy law:

      • Nearly half of the United States population was affected when there was a data breach of Equifax, one of the three major credit reporting bureaus. Sensitive information was released for about 147 million Americans, leading to many risks and hassles, and Equifax has now agreed to a $650 million settlement to compensate citizens for their losses and wasted time.
      • At the time, Equifax’s settlement was the largest in history for data and privacy issues. However, the Federal Trade Commission (FTC) just announced it has settled with Facebook for a whopping $5 billion for privacy-related practices. Specifically, the settlement stems from allegations that a political consulting firm accessed the personal information of about 87 million Facebook users without their consent or knowledge. The settlement also requires an overhaul of Facebooks previously questionable privacy practices.
      • Global company Marriott faces a penalty of about $123 million in the United Kingdom arising from a 2018 data breach that exposed the personal information of more than 339 million guests of Marriott hotels. The penalty is possible due to the EU’s strengthened privacy law, the European General Data Protection Regulation (GDPR). The GDPR also resulted in a $230 million penalty against British Airways after the exposure of personal and payment information of around 500,000 passengers.
      • The FTC reportedly settled on a multi-million dollar (exact amount undisclosed) settlement with Google for violations of COPPA involving YouTube. The Justice Department and the FTC also assigned special supervising divisions to watch Facebook, Amazon, Apple, and Google closely and scrutinize their data privacy practices.
      • There have been numerous large healthcare data breaches in 2019, involving companies like Dominion National, the American Medical Collections Agency (AMCA), Immediata Medicine, UCONN Health, and several others.

These are only the most extensive privacy issues that recently made the news, and there are many additional problems constantly occurring involving a wide range of companies that collect consumer information.

Contact Our Virginia and D.C. Privacy Law Attorneys for More Information

At McClanahan Powers, PLLC, we believe that every consumer should fully understand their rights regarding their shared information, and companies that collect data should understand and abide by their responsibilities under the law. Our privacy law attorneys take on a wide range of cases involving compliance, consumer protection, data breaches, notification to the public, and more. If you are in Virginia or the D.C. area and would like to discuss how our firm may help you, do not hesitate to call 703-520-1326 or contact us online today.