Although the volume of data that flows between the EU and the U.S. ensures that EU privacy law occupies most of the spotlight on the world stage, other countries have their own privacy laws worth noting as well.
Different Types of Privacy Regimes
As a preliminary matter, it is important to keep in mind that most countries’ privacy regimes can be grouped into two categories: sectoral and comprehensive. As mentioned in the previous post, privacy law in the U.S. is sectoral, meaning that different laws and regulations govern data from one industry to the next. For example, the Health Insurance Portability and Accountability Act (HIPAA) includes a Privacy Rule and a Security Rule meant to protect people’s medical records; the Family Educational Rights and Privacy Act (FERPA) regulates the release of students’ educational records; and the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act applies to the financial industry. Further complicating matters is the fact that both the state and the federal governments may enact privacy laws, which has led to varying privacy-related requirements across the country.