Yale Law Journal, Vol. 118, No. 5, pg. 902, 2009
This study asks if federal privacy law should replace privacy law for sectors like health care, or state law.
Creation of a national privacy law could preempt (legally overrule) all state privacy law. While doing so would have benefits in the form of insuring consistency with the European Union, it would also make changing the privacy law in the future very difficult.
- Privacy law defines how companies can collect and distribute personal information. The most common forms of privacy regulation normally include:
- Limits on companies collection of personal information.
- Limits on companies disclosure of person information.
- Notice, access, and correction rights for the individual.
- Creation of processing and security systems.
- A large group of companies is arguing in favor of creating a national information privacy law.
- If Congress created a comprehensive privacy bill, this could preempt all state privacy law currently in effect.
- A comprehensive privacy bill that would preempt state law would have several benefits.
- It would bring the U.S. regulatory laws in line with those already in existence in the European Union.
- It would lessen the burden on the European regulatory commissions in dealing with U.S. companies.
- It would encourage international business.
- There are three potential negative results of creating a single overriding privacy law.
- The cost of an extra layer of regulation.
- The uncertainty in how to best create such a bill.
- The complexity of amending such an overriding law might make future changes and improvements difficult.
- While complex, a dual system of federal and state privacy law allows for the benefits of creating a more uniform system, while still allowing for the promotion of successful laws and the weeding out of policies that fail.