Federal Data Privacy Acts

The federal government has multiple data privacy laws designed to protect the public. No one law provides complete protection – instead, there are sector-specific laws. These include:
 

• U.S. Privacy Act of 1974
• Federal Educational Rights and Privacy Act of 1974
• Video Privacy Protection Act of 1988
• Driver’s Privacy Protection Act of 1994
• Health Insurance Portability and Accountability Act of 1996
• Children’s Online Privacy Protection Act of 1998.

 

U.S. Privacy Act of 1974

This Act regulates the government’s collection and use of personally identifiable information about individuals. Prohibited disclosure of this information is punishable by criminal penalties. The Act statesat 5 U.S.C. section 552a(i)(1):

“Any officer or employee of an agency, who by virtue of [their] employment or official position, has possession of, or access to, agency records which contain individually identifiable information the disclosure of which is prohibited by this section or by rules or regulations established thereunder, and who knowing that disclosure of the specific material is so prohibited, willfully discloses the material in any manner to any person or agency not entitled to receive it, shall be guilty of a misdemeanor and fined not more than $5,000.”


While this privacy law provides criminal penalties, it creates no private right of action.
 

Federal Educational Rights and Privacy Act of 1974

The privacy of student education records is protected under this Act. It applies to educational institutions that receive funds from the United States Department of Education. The law also gives students (18 or over) or their parents (students under 18) certain rights. These include the right to:
 

• Inspect and review the student’s academic record maintained by the school.
• Request correction of records that the parent or eligible student believes are incorrect. If the school declines to modify the academic record, a formal hearing is available to the parent of eligible students.

There is no private right of action under this Act. However, if a parent or eligible student believes their privacy rights have been violated, they may file a complaint with the Department of Education. If this department finds a violation, it may issue a corrective action to the educational institution and even end funding.
 

Video Privacy Protection Act of 1988 (VPPA) and Amendments

This narrow law protects consumers against the following:
 

• Disclosure, without written, informed consent, of personally identifiable information related to the rental of videos.
• Disclosure, without a warrant or court order, of information to law enforcement.
• Long-term retention of consumer rental records by video rental stores.

The VPPA, at 18 U.S.C. section 2710(c)(1), allows the following civil action:

(1) Any person aggrieved by any act of a person in violation of this section may bring a civil action in a United States district court.(2)The court may award …actual damages but not less than liquidated damages in an amount of $2,500; …punitive damages;… reasonable attorneys’ fees and other litigation cost reasonably incurred; and…such other preliminary and equitable relief as the court determines to be appropriate.

Therefore, unlike many federal privacy laws, the VPPA provides consumers a private right of action. Today, with videotapes being obsolete, there is an emerging area of law applying this Act to modern technology such as digital videos and online streaming services. There is little settled law and ample scope for creativity by the data privacy lawyer.
 

Driver’s Privacy Protection Act of 1994 (DPPA)

This Act requires the states to protect the personal information in a person’s motor vehicle record, such as name, address, phone number, weight, height, photo, and Social Security Number. Exceptions exist for disclosure to law enforcement, civil and criminal proceedings, motor vehicle safety, and other legitimate government functions.

DPPA provides a private right of action against those who knowingly disclose protected information. Remedies include:
 

• Actual damages
• Punitive damages if the disclosure was willful or in reckless disregard of the law
• Reasonable attorneys’ fees and litigation costs
• Equitable relief.

DPPA also provides for fines levied against state departments of motor vehicles of up to $5,000 for substantial noncompliance.
 

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

This law protects a patient’s medical information from being disclosed to unauthorized parties. Noncompliance with HIPAA can ruin a business. HIPAA imposes fines ranging up to $50,000 per violation, with a cumulative limit of $1.5 million per year. Criminal penalties are also available under the law. No private right of action exists.
 

Children’s Online Privacy Protection Act of 1998 (COPPA)

COPPA requires the Federal Trade Commission to promulgate and enforce rules pertaining to children’s privacy online. Its primary focus is to control the type of information collected from minors under 13 years of age. COPPA applies to commercial websites and online services that target minors and use collected data from the children for business purposes.

Both the federal and state governments can take enforcement actions against commercial websites and online services operators, with civil penalties ranging up to $43,792 per violation. COPPA only allows the federal government and state Attorneys General to enforce the law. There is no private right of action.
 

Opportunities for the Data Privacy Attorney Under Federal Privacy Laws

Those data privacy attorneys who represent clients whose privacy has been violated have minimal options under federal privacy law. This is due to two reasons. First, there is no comprehensive federal privacy legislation – instead, there is an incomplete patchwork of laws. Second, with a few narrow exceptions (VPPA and DPPA), there is no right of private action to compensate clients who have had their privacy violated.

To seek full redress and compensation, the data privacy lawyer looks to state law to provide appropriate remedies.
 

State Data Privacy Laws

Unlike the federal government, many states have or are considering comprehensive privacy laws
 

California

This stateis the leader in the field. The Golden State has the 2018 California Consumer Privacy Act (CCPA). It provides a private right of action for both monetary and equitable relief. CCPA, at California Civil Code section 1798. 150(a), states:
“(1)Any consumer whose nonencrypted and nonredacted personal information ... is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of the business’s violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information may institute a civil action.”

Remedies available to the consumer include the greater of up to $750 per incident or actual damages. Equitable relief is also available.
 

Texas

Texas Business and Commercial Code section 521.051(a) provides:

“A person may not obtain, possess, transfer, or use personal identifying information of another person without the other person’s consent and with intent to obtain a good, a service, insurance, an extension of credit, or any other thing of value in the other person’s name.”

A person has a right to bring an action under this statute.
 

Other State Laws

While many states consider specific laws providing comprehensive data privacy protections, other state laws provide causes of action for violation of privacy. These include the torts of negligence and invasion of privacy.
 

Opportunities for the Data Privacy Lawyer Under State Law

A client who has had their private information wrongfully disclosed hires the data privacy lawyer to seek redress. This is not an easy task, as there is no comprehensive federal data privacy law and few state laws explicitly provide rights of action for data privacy breaches. Therefore, the data privacy lawyer must research specific federal legislation and the case law regarding torts to find the law that best provides causes of action for the client.
 

How Do I Become a Data Privacy Lawyer?

Like all careers practicing law, membership in a state bar is required. Many data privacy lawyers work for large law firms, and these companies typically require three to five years of prior legal experience.
 

About Harrison Barnes

Harrison Barnes is a prominent figure in the legal placement industry, known for his expertise in attorney placements and his extensive knowledge of the legal profession.

With over 25 years of experience, he has established himself as a leading voice in the field and has helped thousands of lawyers and law students find their ideal career paths.

Barnes is a former federal law clerk and associate at Quinn Emanuel and a graduate of the University of Chicago College and the University of Virginia Law School. He was a Rhodes Scholar Finalist at the University of Chicago and a member of the University of Virginia Law Review. Early in his legal career, he enrolled in Stanford Business School but dropped out because he missed legal recruiting too much.

Barnes' approach to the legal industry is rooted in his commitment to helping lawyers achieve their full potential. He believes that the key to success in the legal profession is to be proactive, persistent, and disciplined in one's approach to work and life. He encourages lawyers to take ownership of their careers and to focus on developing their skills and expertise in a way that aligns with their passions and interests.

One of how Barnes provides support to lawyers is through his writing. On his blog, HarrisonBarnes.com, and BCGSearch.com, he regularly shares his insights and advice on a range of topics related to the legal profession. Through his writing, he aims to empower lawyers to control their careers and make informed decisions about their professional development.

One of Barnes's fundamental philosophies in his writing is the importance of networking. He believes that networking is a critical component of career success and that it is essential for lawyers to establish relationships with others in their field. He encourages lawyers to attend events, join organizations, and connect with others in the legal community to build their professional networks.

Another central theme in Barnes' writing is the importance of personal and professional development. He believes that lawyers should continuously strive to improve themselves and develop their skills to succeed in their careers. He encourages lawyers to pursue ongoing education and training actively, read widely, and seek new opportunities for growth and development.

In addition to his work in the legal industry, Barnes is also a fitness and lifestyle enthusiast. He sees fitness and wellness as integral to his personal and professional development and encourages others to adopt a similar mindset. He starts his day at 4:00 am and dedicates several daily hours to running, weightlifting, and pursuing spiritual disciplines.

Finally, Barnes is a strong advocate for community service and giving back. He volunteers for the University of Chicago, where he is the former area chair of Los Angeles for the University of Chicago Admissions Office. He also serves as the President of the Young Presidents Organization's Century City Los Angeles Chapter, where he works to support and connect young business leaders.

In conclusion, Harrison Barnes is a visionary legal industry leader committed to helping lawyers achieve their full potential. Through his work at BCG Attorney Search, writing, and community involvement, he empowers lawyers to take control of their careers, develop their skills continuously, and lead fulfilling and successful lives. His philosophy of being proactive, persistent, and disciplined, combined with his focus on personal and professional development, makes him a valuable resource for anyone looking to succeed in the legal profession.

About BCG Attorney Search

BCG Attorney Search matches attorneys and law firms with unparalleled expertise and drive, while achieving results. Known globally for its success in locating and placing attorneys in law firms of all sizes, BCG Attorney Search has placed thousands of attorneys in law firms in thousands of different law firms around the country. Unlike other legal placement firms, BCG Attorney Search brings massive resources of over 150 employees to its placement efforts locating positions and opportunities its competitors simply cannot. Every legal recruiter at BCG Attorney Search is a former successful attorney who attended a top law school, worked in top law firms and brought massive drive and commitment to their work. BCG Attorney Search legal recruiters take your legal career seriously and understand attorneys. For more information, please visit www.BCGSearch.com.