Congress has often lagged behind other institutions in the protection of individual privacy. State laws often provide greater privacy protections than their federal counterparts, and courts and legal commentators have often presaged Congressional action. Despite its general laggardness, however, Congress’ forays into privacy law are numerous and varied. When Congress does act, it often seems torn between competing values: individual freedom vs. national security, or individual privacy vs. free-market principles. As a result, Congressional protection of privacy often falls far short of what privacy advocates would urge and, in most cases, below that of even state legislative efforts.
The earliest federal efforts to protect privacy centered on the Census of the Population and the Census of Manufactures. The nineteenth and early twentieth centuries saw various Congressional attempts to assure citizens that any information gathered under the Censuses would be held in strictest confidence. Congress passed laws criminalizing the disclosure of any nonstatistical data gathered by the Censuses.
Other than the Census, however, Congress was slow to act to protect information privacy concerns. While state courts and legislators were busy developing various legal remedies to protect individual privacy, Congress was silent. It was not until various high-profile controversies, including Watergate and revelations of FBI profiling of civil rights activists, that Congress began to act. A number of important privacy-related hearings were held by Congress in the 1960s and, as a result, a consensus began to emerge that some federal laws were required to protect individual privacy and curb government excesses.
Although most privacy advocates urged Congress to pass a comprehensive privacy law, governing all data collection, compilation, and dissemination practice in the public and private sectors, Congress chose to pass narrower laws that generally left the free-market unregulated. The Privacy Act (1974) did apply to all information held by the federal government and included a number of important rights for citizens such as the right to be notified of information uses, the right to access government files, and the power to have errors corrected. Despite the Privacy Act’s broad protections, it did not apply to the private sector.
Private sector regulation was limited to specific areas where the data in question were believed to be highly sensitive. As a result, Congress in the 1970s did pass a number of laws to protect credit information, Fair Credit Reporting Act (1970), financial privacy, Right to Financial Privacy Act (1978), and education records: Family Education Rights and Privacy Act (1974). A number of laws were also passed to limit the federal government’s power to engage in surveillance of citizens, Wiretap Statute (1968, 1970), Foreign Intelligence Surveillance Act (1978), and to, later, to protect electronic and digital communications and information: Electronic Communications Privacy Act (1986), Computer Fraud and Abuse Act (1984). These acts, amended from time to time, reveal Congress’ general intent to leave the private sector generally free from privacy regulation while protecting those areas deemed most dangerous and sensitive.
This piecemeal approach continued throughout the l980s and to the present. Over the last few decades, Congress has passed laws to protect video rental information, Video Privacy Protection Act (1998); drivers’ license information, Drivers Privacy Protection Act (1996); data related to television and telephone habits, Cable Privacy Protection Act (1984), Telephone Consumer Protection Act (1991), strengthened financial privacy, Gramm-Leach-Bliley (1999); and passed strong medical data privacy legislation, HIPAA (1996).
The last decade has witnessed strong pressure on Congress to pass new laws protecting online privacy and, in the aftermath of 9/11, to pass laws that balance privacy and security interests. Passage of the USA PATRIOT Act (2001) reworked many prior privacy rules and granted the federal government increased antiterrorism powers to investigate and use data previously held confidential under various laws and regulations. As technologies and new national security threats emerge, Congress will be asked to review its current approaches. Numerous privacy advocates continue to call for more comprehensive privacy legislation that would regulate all private and public sector data collection. Although Congress has seldom been visionary in its privacy laws, there is no doubt that this is an issue that will increasingly form part of its agenda.
DOUGLAS J. SYLVESTER
References and Further Reading
Cases and Statutes Cited
See also Anonymity in Online Communications; Cable Television Regulation; Electronic Surveillance, Technological Monitoring, and Dog Sniffs; Fair Credit Reporting Act, 84 Stat. 1127 (1970); Freedom of Information Act (1966); National Security; 9/11 and the War on Terrorism; Nixon, Richard Milhous; Omnibus Crime Control and the Safe Streets Act of 1968 (92 Stat. 3795); Privacy; Privacy, Theories of; State Constitution, Privacy Provisions; Terrorism and Civil Liberties; Video Privacy Protection Act (1980); Wiretapping Laws