From the course: CIPP/US Cert Prep: 1 U.S. Privacy Environment

Federal regulatory authorities

- [Instructor] There are quite a few federal government agencies involved in the protection of personal privacy. The Federal Trade Commission, or FTC, is the federal agency with the most sweeping responsibility for enforcing privacy laws and regulations in the United States. This authority derives from the FTC's mandate to protect consumers against unfair and deceptive trade practices. We'll discuss that authority in greater detail later in this course. The FTC also has specific responsibilities under the Children's Online Privacy Protection Act, COPPA, that allow the FTC to enforce privacy rules protecting children under the age of 13 when those children are interacting with websites.

The FTC does not have authority over financial institutions. That authority is actually somewhat complex and is held by a number of other federal regulatory agencies. The Consumer Financial Protection Bureau has the authority to enforce privacy regulations against financial institutions under the Gramm-Leach-Bliley Act. Other bank regulators also have the ability to bring enforcement actions against financial institutions. These include the Federal Reserve Board, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, and the National Credit Union Administration.

The Department of Health and Human Services also plays an important role in federal privacy protection as the lead agency responsible for the implementation of HIPAA, the Health Insurance Portability and Accountability Act. HIPAA includes a privacy rule that regulates the ways that healthcare organizations handle protected health information.

The Federal Communications Commission has authority over all interstate and international communications by telephone, radio, television, wire, satellite, and cable that have at least one end in the United States. The FCC regulates the providers of these services and promulgates privacy regulations that limit how providers may share or disclose consumer account records.

The Department of Commerce operates the US side of the European Union-United States Privacy Shield agreement. This is a Safe Harbor Agreement that provides a mechanism for organizations to transfer private information from Europe to the United States without running afoul of EU law.

Each of these federal agencies has its own unique regulations and jurisdiction. As with other privacy law, you will need to assess your own organization's activities to determine which agencies have authority to regulate your handling of private information.
