Federal Statutory Privacy Law


An Educational Service of the American Library Association

Office for Information Technology Policy


Prepared by Leslie Harris & Associates  www.lharris.com in conjunction with OITP staff  www.ala.org/oitp



As discussed in prior tutorials, the Supreme Court has espoused a broad, but not unlimited, view of the right to privacy under the Bill of Rights.  The United States does not have a unified federal law generally protecting an individual's right to privacy.  Instead, the Congress has adopted a "patchwork" of laws that place various limitations on the use of personal information in a variety of contexts. 


Among the first federal privacy enactments was the Privacy Act of 1974, which regulates the collection, maintenance, use and dissemination of personal information by federal agencies.  As a general matter, the Privacy Act limits an agency's disclosure of a personal record to anyone, including other federal agencies, without the written permission of the individual to whom the record pertains.  The creation of the Privacy Act was influenced by a seminal report commissioned by the Department of Health, Education and Welfare entitled "Records, Computers, and the Rights of Citizens."  The HEW report set forth the "Code of Fair Information Practice" containing five basic principles that were integrated into the Privacy Act and are often still relied upon as a basis for privacy and information policy.


Other federal laws, including the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act of 1996, and the Fair Credit Reporting Act, limit the collection and use of sensitive personal information collected and maintained by a variety of non-governmental institutions, including banks, health care institutions, and credit card companies.  Additionally, the Driver's Privacy Protection Act protects consumers from the public disclosure of their driving records.  Another law, the Electronic Communications Privacy Act, makes it unlawful, in most circumstances, to intercept or disclose the contents of electronic communications, including e-mail.  While there is no federal law that specifically protects library records, video rental records do enjoy some protection under federal law.  Specifically, the Video Privacy Protection Act of 1988, prohibits video rental providers from disclosing a customer's records without his or her informed, written consent.  Similarly, the Cable Communications Privacy Act and the Telecommunications Act of 1996 protects consumer cable and telephone records, respectively.  There is even a law, the Telephone Consumer Protection Act, which protects consumers from the intrusive behavior of telemarketers. 


Two of the federal laws that may have the greatest direct impact on libraries are the Children's Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA), which will be discussed in depth in subsequent tutorials.  In sum, COPPA requires commercial web sites oriented towards children and certain general interest web sites to obtain parental permission before collecting information from children under 13. FERPA requires educational institutions to protect students' privacy with regard to educational records.  Librarians should be familiar with these statutes to ensure that library policies and practices comply with relevant requirements.


Although federal laws protect privacy in a range of circumstances, those protections are not absolute.  Most federal privacy laws have explicit exceptions.  The Privacy Act, for example, includes twelve exceptions to its nondisclosure rule.  Additionally, national security needs and criminal investigations may often take precedence over federal and state privacy laws and the library professional ethical obligations.  Moreover, subsequent laws such as the USA Patriot Act have eroded many federal privacy protections and created confusion about the continued viability of certain privacy rights.  Law enforcement and national security access to library records will be covered in a future tutorial.   


Further information:

Department of Justice Overview of the Privacy Act



History of the Privacy Act of 1974:



Gramm-Leach-Bliley Act Information: http://www.senate.gov/~banking/conf/


HIPAA Information:



Fair Credit Reporting Act Information:



Consumer Privacy Guide:



Privacy Rights Clearinghouse: http://www.privacyrights.org/fs/index.htm



Copyright 2002, American Library Association, Office for

Information Technology Policy




This Online Privacy Tutorial is a service of the American Library Association. The content of this tutorial is primarily the work of Leslie Harris & Associates in Washington, DC. The views expressed in these messages are not necessarily the views of ALA or Leslie Harris & Associates. This tutorial is for information only and will not necessarily provide answers to concerns that arise in any particular situation. This service is not legal advice and does not include many of the technical details arising under certain laws. If you are seeking legal advice to address specific privacy issues, you should consult an attorney licensed to practice in your state.