As A Matter-A FACTA

A Review of Federal Privacy Laws


The Fair and Accurate Credit Transactions Act (FACTA) – This federal law was passed on November 22, 2003. It allows consumers to request and obtain a free credit report once every 12 months from each of the nationwide consumer credit reporting agencies (Equifax, Experian, and TransUnion). In cooperation with the Federal Trade Commission, the three major credit reporting agencies set up a central website to provide free access to these annual credit reports. The act also contains provisions to help reduce identity theft, such as the ability for individuals to place fraud alerts on their credit files if identity theft is suspected, or active duty alerts if deploying overseas in the military, thereby making fraudulent applications for credit in their name more difficult. Further, it requires the secure disposal of consumer information derived from credit reports.

Gramm-Leach-Bliley Act (GLB) – This law is also known as the Financial Services Modernization Act of 1999. With the passage of the GLB, commercial banks, investment banks, securities firms and insurance companies were allowed to consolidate. GLB compliance is mandatory: whether or not a financial institution discloses nonpublic personal information to third parties, it must have a policy in place to protect that information against foreseeable threats to its security and integrity. The major components put in place to govern the collection, disclosure and protection of consumers’ nonpublic personal information (personally identifiable financial information) are:

Financial Privacy Rule: The Financial Privacy Rule requires financial institutions to provide each consumer with a privacy notice at the time the customer relationship is established and annually thereafter. The privacy notice must explain what information is collected about the consumer, with whom the information is shared, how the information is used, and how that information is protected. The Financial Privacy Rule ultimately establishes a privacy agreement between the company and the consumer covering the protection of the consumer’s nonpublic personal information.

Safeguards Rule: The Safeguards Rule requires financial institutions to develop a written information security plan that describes how the company protects, and plans to continue protecting, clients’ nonpublic personal information. The plan must designate who is responsible for managing the safeguards, include a thorough risk assessment of how nonpublic personal information is handled and by whom, and cover the design, monitoring and testing of the programs in place to secure the information. These safeguards and programs must be updated in a timely manner in accordance with any amendments or revisions to the federal requirements.

Pretexting Protection: Pretexting happens when an unauthorized individual attempts to obtain nonpublic personal information under false pretenses, for example by impersonating a customer or a fellow employee over the phone. The GLB encourages companies to implement programs that train employees to recognize and deflect inquiries made under pretext. It is especially important to update these programs frequently, because advances in technology have made the methods used to obtain personal information ever more slick and clever.

Health Insurance Portability and Accountability Act (HIPAA) – HIPAA was signed into law on August 21, 1996. It protects individuals’ health information, whether electronic, written or oral. It also gives consumers rights over their health information and sets rules and limits on who can look at and receive this information. The HIPAA Security Rule, which applies specifically to health information in electronic form, requires entities covered by HIPAA to ensure that electronic protected health information is kept secure, just as written health information must be stored and disposed of properly.

Federal Privacy Act of 1974 – The Privacy Act of 1974 protects certain federal government records pertaining to individuals. In particular, the Act covers systems of records that an agency maintains and retrieves by an individual’s name or other personal identifier, such as a Social Security number. Each agency must publish a list of its Privacy Act systems of records, including the routine uses of those records, in the Federal Register; the FTC’s personnel records system and its consumer complaint database are examples of FTC Privacy Act systems of records. In general, the Privacy Act prohibits unauthorized disclosures of the records it protects. It also gives individuals the right to review records about themselves, to find out whether these records have been disclosed, and to request corrections or amendments to these records.

There are more federal laws not mentioned above regarding the privacy and rights of consumers and businesses as they relate to sensitive and confidential information and documents. Such information must be obtained appropriately and disposed of properly. Corporations are required by law to have policies and procedures in place to enforce and comply with these federal rules and regulations. It is also wise for individuals to have their own means of disposing of their personal information, for example a personal shredder at home.

Next week we will take a look at some companies and individuals that didn’t have established procedures and the events and outcomes of each.