Federal privacy statutes purport to solidify norms for the privacy of our personal information, whether financial, medical, or other. They impose burdens on those who have control over such information. However, they often fail to offer real remedies when those burdens are not met. As a consequence, individuals may falsely perceive that the disclosure of their private data will be punished, while the regulated receive comfort that they can breach privacy with impunity. This trend of toothlessness in federal privacy law began with the Fair Credit Reporting Act, which allows some, but not complete, private remedies, and has continued through the Health Insurance Portability and Accountability Act, the Gramm-Leach-Bliley Act, and the Fair and Accurate Credit Transactions Act. Most recently, the trend appears in congressional bills offered to protect the security of personal information, bills that prohibit private remedies and preempt such remedies that otherwise exist in state laws.
However, given the importance of privacy norms and the tradition of rights and remedies for privacy at the state level, states should seek to push their capacities to use laws, whether common or enacted, to protect their citizens to the very limits they can. Enforcement of social privacy norms, as embodied in laws state or federal, is necessary to protect personality and dignity. States can resume their traditional roles as protectors of their citizens by responding to increased threats to privacy through adapting common law torts or by enacting legislation; where these instruments provide enforcement through private causes of action, those protected by the instruments can vindicate their rights. More importantly, such remedies can deter violations to begin with, the ultimate aim of any privacy provision.
Elizabeth D. De Armond,
A Dearth of Remedies,
Dick. L. Rev.
Available at: https://ideas.dickinsonlaw.psu.edu/dlra/vol113/iss1/2