Laws, Regulations, and Policies
There are many laws, regulations, cases, and policies that govern the different concepts of privacy.
Each state, country, and sometimes industry may have its own privacy laws covering various things. Laws related to bodily, territorial, and communication privacy have existed for many decades and have substantial case law.
Examples of laws, regulations, cases, and policies that impact bodily, territorial, or communications privacy include:
- 4th Amendment of the US Constitution (searches and seizures)
- Article 1 of the California Constitution
- US PATRIOT and FREEDOM Acts
- US Wiretap Act and California Law Enforcement Interception of Mobile Communications
- California court cases on employee/applicant drug testing
- UC Electronic Communications Policy
- Trespass laws
- Invasion of privacy laws, such as intrusion, unreasonable publicity, and appropriation of likeness
- Griswold v. Connecticut
- Roe v. Wade
- A comprehensive list of University of California's privacy policies and references can be found here
Even so, new technologies have tested these laws that were written for a different time. Laws that were written with the postal system or a wallet in mind don’t translate neatly to a world of ISPs and smart devices. Sometimes, privacy issues are couched within other laws or cases.
Data privacy laws, on the other hand, are relatively new. They are constantly changing to keep up with the new technologies that have drastically expanded our understanding of how we collect data and the utility of that data. Data privacy laws are not only concerned with keeping data confidential, but also with empowering individuals to control and understand what data are collected and how they are used, to participate in that process where possible, and to be notified of any incidents related to their data. Examples of data privacy laws are:
- Health/Medical: US Health Insurance Portability and Accountability Act of 1996 (HIPAA); California Confidentiality of Medical Information Act (CMIA); Confidentiality of Alcohol and Drug Abuse Patient Records regulation
- Students: US Family Education Rights and Privacy Act (FERPA); California Education Code on contracting with ed tech vendors
- Comprehensive law protecting individuals in Europe and China, respectively: European Union’s General Data Protection Regulation (GDPR), China's Personal Information Protection Law (PIPL)
- California Information Practices Act of 1977
- Children’s Online Privacy Protection Act (COPPA)
- Comprehensive law protecting consumers in California: California Consumer Privacy Act (CaCPA) effective 2020
- UC President Yudof's 2010 letter regarding Social Security Numbers