Legislation
Social Security Act of 1934
Declares it illegal to disclose an individual's social security number and personally identifiable information which is obtained by means of a social security number.
Privacy Act of 1974
In establishing this act Congress found:
- The privacy of an individual is directly affected by the collection, maintenance, use, and dissemination of personal information.
- The opportunities for an individual to secure employment, insurance, and credit are endangered by the misuse of certain information systems.
- The right to privacy is a personal and fundamental right protected by the Constitution of the United States.
Right to Financial Privacy Act of 1978
This act targeted industrial loan companies, trust companies, saving associations, building and loan companies, credit unions and consumer finance institutions.
A Defining Case in 1988 – The Peril of Discarding Information as Trash
In California v. Greenwood, the United States Supreme Court was presented with a case that helped define privacy rights as they relate to material discarded as trash. Greenwood had thrown out information in his trash that incriminated him in a crime, and the information was used to gain a conviction. Greenwood claimed that he was the victim of an unlawful search and that his privacy rights had been violated.
In its ruling the Supreme Court stated that there could be no expectation of privacy in trash left accessible to the public. They further stated it is common knowledge that garbage is readily accessible to animals, children, scavengers, snoops, and other members of the public.
The Modern Era of Privacy Protection Legislation
Privacy protection is experiencing a rebirth in legislative activity. The runaway crime of “identity theft” is largely responsible for causing a groundswell of interest among state and federal politicians. “Identity theft” also has a connection to national security issues, and controlling it may literally become a matter of life and death. Here are a few of the major initiatives:
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Covers health plans, health care clearing houses, and health care providers. It established national standards for the protection of health information and a timetable for implementation. Enforcement includes civil and criminal penalties. The Department of Health and Human Services is responsible for enforcement.
• Economic Espionage Act of 1996
This act helps companies recover damages from loss of trade secrets as a result of industrial espionage from interstate or foreign competitors. The Attorney General or the organization can initiate action. One requirement of the act is that trade secrets must be the subject of adequate safeguards. This implies that trade secret information cannot be thrown in the trash for a prosecution to be effective.
• Gramm-Leach-Bliley Act of 1999
Rules concerning financial information and privacy notices. Under the GLB Safeguards rule there are requirements for adequate administrative, technical, and physical safeguarding of personal information. The FTC is responsible for enforcement.
• Fair Credit Reporting Act of 2001
Promotes accuracy in consumer reports and is meant to ensure the privacy of the information in them.
• Sarbanes-Oxley Act of 2002
The law raises the stakes for disposing of records to avoid prosecution and therefore adds more pressure on data privacy and on having formal rules for what information must be securely retained and what information can be destroyed. The law also raises the bar for oversight and the need to publicly report known problems.
• Fair and Accurate Credit Transactions Act of 2003 (FACTA)
This act expanded several FCRA provisions, provides protection for victims of identity theft, and includes one free credit report per year. The Disposal Rule requires disposal practices that are reasonable and appropriate to prevent the unauthorized access to, or use of, information in a consumer report.
• Notification of Security Breaches (California Civil Code 1798.80-1798.84)
Requires reasonable steps for the destruction of personal information that is no longer to be retained; requires notification of California residents whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person due to a breach of security of a computer system.