United States Privacy Laws – Part I

There are state and federal privacy laws that are applicable to consumers and commercial organizations. There has been much activity with the collection and distribution of private or confidential information in recent years. Personal information can be collected through several methods such as voluntary disclosures, cookies, website bugs, tracking software, malware (e.g., worms, trojans, spyware), and phishing. For example, tracking software can be used to collect information but there must be proper disclosure. Nonetheless, criminals do not follow the rules or guidelines and it is a known fact they have access to the tools and techniques to extract customer information without obtaining authorization.

Personal information is certainly valuable to its owner. It is also valuable to a bad actor who is seeking to misuse the personal information without authorization. The bad actors who obtain personal information in a secretive manner are planning to gain a profit. They may engage in identity theft or online impersonation by using the wrongfully obtained personal information. Identity theft has caused a significant amount of monetary damages to the victims. There are state and federal laws that prohibit identity theft in every jurisdiction. The National Conference of State Legislatures provides a comprehensive list of these laws. In California, the following state laws prohibit identity theft and provide remedies:

  1. California Penal Code § 368: It prohibits identity theft against elders and disabled persons;
  2. California Penal Code § 530: It prohibits false impersonation of another person;
  3. California Penal Code § 530.5-530.8: It prohibits trafficking of personal information; and
  4. California Penal Code § 1202.4: It authorizes the court to order restitution.

Thus far, the federal government has passed the following laws in an effort to battle identity theft:

  1. Identity Theft and Assumption Deterrence Act: It amended 18 U.S.C. § 1028 to prohibit identity theft and make it a separate crime against the victims. It also increased the penalties for identity theft and fraud by allowing a maximum penalty of 15 years in prison;
  2. Identity Theft Penalty Enhancement Act: It prohibits “aggravated” identity theft – i.e., using someone else’s identity to commit felony crimes such as immigration violations, Social Security benefits theft, and domestic terrorism;
  3. Identity Theft Enforcement and Restitution Act: It amended 18 U.S.C. § 3663(b) to clarify restitution related issues and allow the courts to reimburse victims for the time spent to remediate the harm;
  4. Fair Debt Collection Practices Act: It is codified under 15 U.S.C. §§ 1692, et seq. and prohibits debt collectors from engaging in unfair and deceptive practices; and
  5. Fair Credit Reporting Act: It ensures the accuracy and privacy of credit reports that consumer reporting agencies collect and share with third parties such as financial institutions and other creditors. It allows consumers to dispute incorrect information on their accounts and place “fraud alerts” or “security freezes” to prevent identity theft.

There are several federal privacy laws that have been enacted by the government to protect victims: These federal statutes include: (1) Driver’s Privacy Protection Act; (2) Family Educational Rights and Privacy Act; (3) Gramm-Leach-Bliley Act; and (4) Health Information Portability and Accountability Act. These laws establish disclosure limitation on personal information that is stored and controlled by the departments of motor vehicles. They also implement strict guidelines against financial institutions and health care providers.

The bad actors – i.e., criminals – have been known to use several methods to engage in identity theft. For example, they may watch the victim from a close distance when he or she is entering credit card account or bank account information. They may intercept the victim’s mail to extract personal information. They may also send spam (i.e., unsolicited emails) and request personal information from the recipient.

It’s important to know your legal rights and responsibilities when it comes to privacy laws. Please contact our law firm to speak with an internet privacy attorney at your earliest convenience.