Okay, ready? So, you’re doing business in the US in 2022. You need to know about privacy law.
Well, the problem is that the US has no general data protection law regulating how companies handle consumer data. Europe has one - it’s called (get this!) - the General Data Protection Regulation. The US has a hodgepodge of laws about specific types of data, plus more general laws applicable in certain states.
We’ve got: HIPAA, COPPA, FERPA, FCRA, GLBA, ECPA, SLURPA, and the FTC Act.
Actually, SLURPA is not real.
But the rest are:
HIPAA, COPPA, FERPA, FCRA, GLBA, ECPA, and the FTC Act. [Is that funny?]
HIPAA, the Health Insurance Portability and Accountability Act, is for health data - mostly for health-related entities, like doctors, hospitals, pharmacies, and insurers - as well as HR departments in some cases.
COPPA, the Children’s Online Privacy Protection Rule, focuses on companies, websites, and online services collecting data of minors under 13;
FERPA, the Family Educational Rights and Privacy Act, focuses on educational records;
FCRA, the Fair Credit Reporting Act, is about credit bureaus and information in credit reports;
The GLBA, the Gramm-Leach-Bliley Act, focuses on consumer financial products, such as loan services or investment-advice services, and how financial companies gather and share data;
The ECPA, the Electronic Communications Privacy Act, is about government and private sector surveillance (though some of this has been updated or repealed);
The FTC Act, the Federal Trade Commission Act, isn’t really a privacy law, but it does give the FTC the power to investigate and fine [right?] companies that violate their own privacy policies.
Those are the subject-specific federal laws.
But some states have general data protection laws for their residents: https://iapp.org/resources/article/us-state-privacy-legislation-tracker/
Most famously, California has the California Consumer Privacy Act (CCPA), and an update called the California Privacy Rights Act (CPRA). Virginia has the Virginia Consumer Data Protection Act (VCDPA), and Colorado, the Colorado Privacy Act (ColoPA). Many more states are considering passing privacy laws.
So that’s the landscape. Start getting used to the delicious legal alphabet soup of privacy laws!