personal information

Personal information is contextualized data that can be used to identify a person. Personal information is closely connected to the right to privacy, which has evolved to protect the ability of individuals to determine the kind of information about themselves that should be collected and the ways that their information is used.

Most commercial websites utilize “cookies,” as well as forms, to collect information from visitors such as their name, address, email, demographic information, IP address, financial information, etc. In many cases, this information is then provided to third parties for marketing purposes. Other entities, such as the federal government and financial institutions, also collect personal information. This flow of personal information has created threats of fraud and identity theft, and such threats have been an impetus for right of privacy legislation requiring disclosure of information collection practices, opt-out opportunities, as well as internal protections of collected information. However, such requirements have yet to reach all segments of the marketplace.

15 U.S.C. § 45 charges the Federal Trade Commission (FTC) with preventing “unfair methods of competition in or affecting commerce and unfair or deceptive acts or practices in or affecting commerce.” In matters of privacy, the FTC's role is one of enforcing privacy promises made in the marketplace. Several additional laws form the foundation on which the FTC carries out this charge: the Privacy Act of 1974 (5 U.S.C. § 552a), the Gramm-Leach-Bliley Act of 1999 (also known as the Financial Services Modernization Act of 1999; 15 U.S.C. §§ 6801–6809), the Fair Credit Reporting Act (15 U.S.C. § 1681 et seq.), and the Children's Online Privacy Protection Act “COPPA” (15 U.S.C. §§ 6501–6506).

The Privacy Act of 1974 protects personal information held by the federal government; the Act does this by preventing unauthorized disclosures of such information. Individuals also have the right to review the information, request corrections, and be informed of any disclosures. The Freedom of Information Act facilitates these processes.

The Gramm-Leach-Bliley Act (also known as the Financial Modernization Act of 1999) establishes guidelines for the protection of personal financial information. Financial institutions are required by law ( 15 U.S.C. § 6803) to provide to customers a privacy policy, which explains what kinds of information are collected and how that information is used. Such institutions are also required to develop safeguards to protect the information they collect from customers.

The Fair Credit Reporting Act protects personal financial information that consumer reporting agencies collect. The Act limits those who can access such information, and subsequent amendments have simplified the process by which consumers can obtain and correct the information collected about themselves. The FTC also actively enforces prohibitions on fraudulently obtaining personal financial information, a crime known as “pretexting.”

The Children's Online Privacy Protection Act allows parents to control what information is collected about their child (younger than 13 years old) online. Operators of websites that either target children or knowingly collect personal information from children are required to post privacy policies, obtain parental consent before collecting information from children, allow parents to determine how such information is used, and provide the option to parents to opt-out of future collection from their child.

However, despite the rights described above, other participants in the marketplace are not bound by law to develop similar protections and disclosure practices. Rather, in the remainder of the marketplace, the FTC encourages a voluntary regime of protecting consumer privacy.

U.S. Supreme Court Historic Right to Privacy and Personal Autonomy Decisions:

[Last updated in February of 2024 by the Wex Definitions Team]