State privacy laws of the United States

Privacy laws vary from state to state within the United States of America. Several states have recently passed new legislation that adapt to changes in cyber security laws, medical privacy laws, and other privacy related laws. State laws are typically extensions of existing United States federal laws, expanding them or changing the implementation of the law.

History
Historically, state laws on privacy date back before the founding of the United States and most authorities left protection of personal information to the individual. However, after the creation of a national economy as a result of the Civil War, governmental agencies were created to recommend stronger privacy protections. This led to the creation of de facto privacy commissioners, such as the Federal Trade Commission (FTC) and the State Attorney General.

The FTC was created in 1914 to protect individuals from harmful trade practices, and in 1995 the FTC began to study and analyze privacy issues in electronic commerce and began to place and enforce regulations.

Most state legislation on privacy are expansions of federal laws.

The Uniform Law Commission has proposed a model bill – the Uniform Personal Data Protection Act (“UPDPA”), which “provides a reasonable level of consumer protection without incurring the compliance and regulatory costs associated with some existing state regimes.”

Types of privacy legislation
There are several different types of privacy legislation currently in place. State laws vary between these niche privacy spheres. Each type of legislation tries to protect a certain area of privacy. Types of legislation include:


 * Medical Privacy
 * Data Privacy
 * Financial Privacy

Laws on biobanks
One major aspect of medical privacy is laws placed on biobanks. A biobank is a collection source that stores and manages human specimens. Major federal laws that apply to biobanks are regulations by the Food and Drug Administration and Common Rule. The Common Rule is a guideline for in the United States on research involving human subjects. Other major federals laws that govern biobanks include: The Privacy Act of 1974, Health Insurance Portability and Accountability Act (HIPAA), Genetic Information Nondiscrimination Act (GINA), Health Information Technology for Economic and Clinical Health (HITECH) Act, and Newborn Screening Saves Lives Reauthorization Act of 2014.

State legislation on privacy tends to follow the same patterns and orders as federal laws in these matters. But in some cases state laws can be more detailed and stringent, while being in ordinance to the federal laws in place. With focus to biobanks, state laws can restrict a laboratory's ability to reject a customer and can regulate what happened with data after a test. Certain states have privacy laws that deal with genetic-specific information. Genetic-specific information relates to information what information like DNA that can be used to find details about individuals. Information that can be collected includes race and gender. State can place legislation that let individuals have control over the tests conducted on their genes and regulate how long data is stored in biobanks. State laws can also control who has control, the individual from whom they were collected or the pharmaceutical companies.

Corporate data security laws
An important aspect of digital privacy laws is cyber security, which encompasses corporate data security. At the national level, the Federal Trade Commission (FTC) is in charge of data security regulation. With relation to cyber security, the FTC makes sure that companies have security application in place and that companies are not misrepresenting their level of digital security. Several aspects of the FTC regulations are outdated and are loosely connected to data security though section 5. Section 5 of the FTC fines companies for having substandard security measures, neglecting the security of consumer data, and failing to train employees on data security. Additional federal laws on this topic include: the Cybersecurity Act of 2015, the Electronics Communications Privacy Act, Computer Fraud and Abuse Act and the Economic Espionage Act.

Financial privacy laws
Financial Privacy laws regulate how companies, specifically those with a focus in finance, handle financial consumer information. Federal laws that regulate this include, Gramm-Leach-Bliley Act, Fair Credit Reporting Act, Fair and Accurate Credit Transactions Act, Credit and Debit Card Receipt Clarification Act, Bank Secrecy Act, Fair Debt Collection Practices Act, Electronic Funds Transfer Act, and the Dodd-Frank Wall Street Reform and Consumer Protection Act. All of these acts make changes at the national level.