Curious how privacy regulations have evolved over the years? Check out our timeline of privacy laws’ “greatest hits.”

Secure UD privacy laws and actions timeline

United Nations Universal Declaration of Human Rights (UDHR)

The UDHR was put forth by the United Nations General Assembly in Paris on December 10, 1948, as a “common standard … for all peoples and all nations.” It comprises 30 articles defining basic human rights, with Article 12 stating “No one shall be subjected to arbitrary interference with his privacy…” and that “everyone has the right to the protection of the law against such interference or attacks.” The UDHR has been the basis for many constitutions and human rights treaties around the world.

The Family Educational Rights and Privacy Act (FERPA)

FERPA is a federal law that protects the privacy of student education records. It was signed into law by President Gerald Ford on August 21, 1974. It applies to any school that receives funds through Department of Education programs. It gives parents rights related to their children’s educational records, which transfer to the student when they reach 18 or attend a post-secondary school.

The Privacy Act of 1974

The US Privacy Act was enacted December 31, 1974. It places limits on how federal agencies collect, maintain, use, and share personally identifiable information. It also requires federal agencies to give the public notice of their systems of records, prohibits disclosure of information without written consent (unless a specific statutory exception applies), and provides individuals access to view and correct their records.

Telephone Consumer Protection Act (TCPA) and National Do Not Call Registry

In 1991, the US Congress passed the Telephone Consumer Protection Act to address the growing number of telephone marketing calls being made to US consumers. The TCPA restricts telemarketing calls and the use of automatic telephone dialing systems with prerecorded voice messages. In 1992, additional rules were adopted to require entities making these calls to implement procedures for creating and maintaining do-not-call lists.

Health Insurance Portability and Accountability Act (HIPAA)

HIPAA was signed into law on August 21, 1996, by President Bill Clinton. Two key sections, the Privacy Rule and the Security Rule, were published in December 2000 and February 2003, respectively. The Privacy Rule sets national standards for the protection of individually identifiable health information by covered entities who conduct health care transactions electronically. The Security Rule sets national standards for protecting the confidentiality, integrity, and availability of electronically protected health information.

Children’s Online Privacy Protection Act (COPPA)

The Children’s Online Privacy Protection Act was signed by President Bill Clinton on October 21, 1998. The intent of COPPA is to provide control for parents over information collected online from their young children. It protects children under age 13 and applies to commercial websites and online services, including IoT devices and mobile apps that collect, use, or disclose personal information from children.

Gramm-Leach-Bliley Act (GLBA)

On November 12, 1999, President Bill Clinton signed the Gramm-Leach-Bliley Act into law. GLBA requires financial institutions to protect the privacy of consumers’ personal financial information. These financial institutions are required to develop privacy policies and give notice of those policies to their customers annually. Financial institutions are also required to give notice before disclosing a consumer’s personal financial information to an unaffiliated third party, and to provide an opportunity for that consumer to “opt-out” from such disclosure.

General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation, in effect since May 25, 2018, provides a legal framework of guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). Among other things, GDPR provides individuals rights to be informed about their personal data, to access and correct their personal data, and to erase and restrict processing of their personal data.

California Consumer Privacy Act (CCPA)

CCPA was signed into law by Governor Jerry Brown on June 28, 2018, and went into effect January 1, 2020. Similar to the GDPR, it provides California residents with the right to know what personal data is being collected about them and to access that data, to know whether and to whom their personal data is being sold or disclosed – and to say no to that disclosure, and to request their personal information be deleted.

Personal Information Protection Law (PIPL)

China’s Personal Information Protection Law took effect November 1, 2021. It is similar in many respects to the European GDPR and is intended to “protect the rights and interests of personal information, regulate personal information processing activities, and promote the rational use of personal information.” If an organization breaches PIPL, it can face fines of up to 50 million yuan ($7.8 million) or 5% of its annual revenue. Because key elements of the regulatory framework have yet to be announced, strict enforcement of these requirements is not likely for some time.

You can explore this topic further at the following links: