Laws and Regulations about Privacy and Confidentiality
There are many federal and state laws and regulations protecting privacy and confidentiality. State laws and
regulations vary widely, and they are difficult to track down; see (insert link for paper from NAS SIPP report).
Here, we provide links to key federal laws, acts, and policies relating to confidentiality
and privacy protections as they affect the use of data. We discuss policies and acts regulating the treatment of human subjects
on a separate page, accessible via the appropriately named link at the left of the page.
A. Health-Related Legislation and Regulation.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule
National standards to protect the privacy and confidentiality of personal health information.
The Patient Safety and Quality Improvement Act of 2005 (PSQIA) Patient Safety Rule.
Confidentiality protections in place to encourage the reporting and analysis of medical errors.
B. Legislation for statistical agencies
The Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA).
This act ensures that information provided to statistical agencies for statistical purposes under a pledge of confidentiality can be used only for
statistical purposes, and that individuals' or organizations' confidential data should be kept confidential.
Freedom of Information Act
The site provides guidelines as to which data may and may not be disclosed
under the terms of the Freedom of Information Act.
Privacy Act of 1974
The site provides an overview of the Privacy Act, which safeguards personal information held by government agencies from queries by others.
Family Educational Rights and Privacy Act (FERPA)
Protects privacy of educational data.
Several statistical agencies have their own confidentiality statutes, e.g., the Census Bureau, the National Center for Education Statistics, and the
National Science Foundation. Search their web sites for specific details.
C. Some International Legislation
Council of Europe's Personal Data Protection Site
European Union's Index of Legislative Documents on Data
D. General Sites
Library of Congress' Thomas Search Engine for U.S. Federal Legislation
A search engine for the text of bills. You can search by exact bill number, if
known, or by a topic such as "HIPAA," "Confidentiality,"
"Patriot Act," or "E-Government Act of 2002," which will
produce a list of direct links to the legislation.
Information Institute at the Cornell Law School
The site has materials to make law more accessible to students, teachers, and the general public.
The site can be used in addition to the Library of Congress' Thomas
Search Engine for U.S. Federal legislation for older laws.
Code of (U.S.) Federal Regulations (CFR)
The site allows users to access all the Federal regulations issued by any
agency. The CFR is a codification of the general and permanent rules published
in the Federal Register by the Executive departments and agencies of the
Electronic Frontier Foundation
This site contains links to news, links, and law cases related to privacy.
Center for Democracy and Technology
Public interest organization concerned with privacy in communications technologies.