Requirements for Personal Information Protection: U.S. Federal Law (2017)

A study by Virginia Jones, CRM, FAI (2008) [Funded by a grant from the Metropolitan New York City Chapter of ARMA International]

Revised by Virginia Jones, CRM, FAI (2017) [Funded by the Foundation]


This paper is the first of a two-part research project, funded by the Foundation, to identify privacy laws that impact records management programs. This paper covers protection of personal privacy information in U.S. federal law.

In Public Law 93-579, enacted in 1974 as the Privacy Act, Congress found that the right to privacy is a personal and fundamental right protected by the Constitution of the United States. The need for information privacy encompasses all segments of the population. This paper discusses 32 federal personal information protection laws and their records management impact. The paper is not a definitive compilation of all Privacy law, but includes many high-profile privacy laws and regulations. It does not cover identity theft laws or data security laws unless the law included a significant privacy of personal information element.  Each summary includes the year the Act was passed, the citation (either U.S. Code or Public Law), a summary of provisions, definitions of personally identifiable information and records related terms where applicable, and any implied or explicit RIM impact. The summary of provisions includes overviews of the major provisions of each law.