Privacy Laws

There are a number of laws protecting your privacy and the privacy of your information. This page describes several of them, but it is not meant to be comprehensive. If you have specific questions regarding privacy laws, you should consult with an attorney.

Georgia does not have any specific “state” privacy laws. Still, in Georgia, violation of a law requiring someone to do (or not do) something is deemed a tort and “the injured party may recover for the breach of such legal duty if he suffers damage.” See O.C.G.A. § 51-1-6. Further, there is a common law tort for invasion of privacy. In Troncalli v. Jones, the Court of Appeals said that under “Georgia case law, the concept of invasion of privacy encompasses four loosely related but distinct torts, as follows: (1) intrusion upon the plaintiff’s seclusion or solitude, or into his private affairs; (2) public disclosure of embarrassing private facts about the plaintiff; (3) publicity which places the plaintiff in a false light in the public eye; and (4) appropriation for the defendant’s advantage of the plaintiff’s name and likeness. See also Sun v. Langston.

The Privacy Act of 1974

The Privacy Act of 1974, as amended, 5 U.S.C. § 552a, establishes a code of fair information practices governing the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies. A system of records is a group of records under the control of an agency from which information is retrieved by the name of the individual or by some identifier assigned to the individual.

Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule

HIPAA includes privacy rules that protect your health care information. Most of these rules appear in the regulations authorized by statute. The rules are summarized here.

Section 203 of the Bipartisan Budget Act of 2013

Access to information contained in the Social Security Administration’s Death Master File (DMF) is limited for a three year period beginning on the date of an individual’s death. Access is limited to authorized users.

Driver’s Privacy Protection Act

The Driver’s Privacy Protection Act, 18 U.S.C. § 2721 et seq., prohibits disclosure of private data collected by State departments of motor vehicles except for legitimate purposes. Those purposes include:

(1) For use by any government agency, including any court or law enforcement agency, in carrying out its functions, or any private person or entity acting on behalf of a Federal, State, or local agency in carrying out its functions.
(2) For use in connection with matters of motor vehicle or driver safety and theft; motor vehicle emissions; motor vehicle product alterations, recalls, or advisories; performance monitoring of motor vehicles, motor vehicle parts and dealers; motor vehicle market research activities, including survey research; and removal of non-owner records from the original owner records of motor vehicle manufacturers.
(3) For use in the normal course of business by a legitimate business or its agents, employees, or contractors, but only— (A) to verify the accuracy of personal information submitted by the individual to the business or its agents, employees, or contractors; and (B) if such information as so submitted is not correct or is no longer correct, to obtain the correct information, but only for the purposes of preventing fraud by, pursuing legal remedies against, or recovering on a debt or security interest against, the individual.
(4) For use in connection with any civil, criminal, administrative, or arbitral proceeding in any Federal, State, or local court or agency or before any self-regulatory body, including the service of process, investigation in anticipation of litigation, and the execution or enforcement of judgments and orders, or pursuant to an order of a Federal, State, or local court.
(5) For use in research activities, and for use in producing statistical reports, so long as the personal information is not published, redisclosed, or used to contact individuals.
(6) For use by any insurer or insurance support organization, or by a self-insured entity, or its agents, employees, or contractors, in connection with claims investigation activities, antifraud activities, rating or underwriting.
(7) For use in providing notice to the owners of towed or impounded vehicles.
(8) For use by any licensed private investigative agency or licensed security service for any purpose permitted under this subsection.
(9) For use by an employer or its agent or insurer to obtain or verify information relating to a holder of a commercial driver’s license that is required under chapter 313 of title 49 [49 U.S.C. §§ 31301 et seq.].
(10) For use in connection with the operation of private toll transportation facilities.
(11) For any other use in response to requests for individual motor vehicle records if the State has obtained the express consent of the person to whom such personal information pertains.
(12) For bulk distribution for surveys, marketing or solicitations if the State has obtained the express consent of the person to whom such personal information pertains.
(13) For use by any requester, if the requester demonstrates it has obtained the written consent of the individual to whom the information pertains.
(14) For any other use specifically authorized under the law of the State that holds the record, if such use is related to the operation of a motor vehicle or public safety.

Gramm–Leach–Bliley Act

The Gramm–Leach–Bliley Act became effective in the United States In 1999. It is also known as the Financial Services Modernization Act of 1999. The Act requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.