In sharp contrast to the UK, the US does not have one single national law regulating the collection and use of information. Instead, the United States has a patchwork system of state and federal laws that can occasionally dovetail, overlap and contradict one another on data protection. There are also many guidelines, established by business groups and governmental agencies, that do not have the force of law.
There are various national privacy-related laws that regulate data collection and use. Some apply to specific categories of information, such as electronic communications, health or financial information. Others apply to activities that use personal information, like commercial email and telemarketing. Moreover, there are many consumer protection laws which, although they are not privacy laws, prohibit deceptive and unfair practices, including in the security procedures for protecting private information.
Without limitation, the following are the important national laws that deal with data protection:
1) The Federal Trade Commission Act (15 U.S.C. §§ 41-58) (FTC Act)
The FTC Act is a consumer protection law that outlaws deceptive and unfair practices and is widely applied to online and offline data security policies. Many enforcement actions have been brought under this law against companies for failing to comply with privacy policies, as well as for disclosing private data without authorization.
2) The Financial Services Modernization Act (15 U.S.C. §§ 6801-6827)
This Act controls how institutions collect, use and disclose financial information. The Act applies generally to financial institutions, including insurance companies, banks, and securities firms, and also to other companies that offer financial services and products. It prohibits disclosing non-public personal information. In some cases, it requires organizations to give notice of their privacy policies and an opportunity for the individuals involved to opt out of having their data shared.
3) The Health Insurance Portability and Accountability Act (42 U.S.C. § 1301 et seq.)
Also referred to as HIPAA, this Act regulates medical information. It applies broadly to data processors, health care providers, pharmacies and other bodies that work with medical information.
4) The Fair Credit Reporting Act (15 U.S.C. § 1681)
This Act applies to all consumer reporting agencies, firms that use consumer reports (such as lenders) and those who provide consumer-reporting information. Consumer reports are communications issued by consumer reporting agencies that cover a consumer's creditworthiness, character, credit history, credit capacity, and general information that may be used to evaluate the consumer's eligibility for insurance or credit.
5) The Telephone Consumer Protection Act (47 U.S.C. § 227 et seq.) and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (15 U.S.C. §§ 7701-7713 and 18 U.S.C. § 1037) regulate the collection and use of telephone numbers and e-mail addresses, respectively.
At the state level, there are many laws that control how individuals and organizations gather and use private data. In some cases, federal data protection laws preempt state laws on the same subject. As an example, the federal law that regulates commercial email preempts many state laws regulating similar activities.
As noted, the US has many data protection laws, and your fintech business must know about all of them. Depending on the state in which your organization is located, ensure your organization complies with both federal and state data protection law.