Chapter 5: Federal and State Regulators and Enforcement of Privacy Law

Other Federal Privacy Actors and the DOJ's Criminal Role

Beyond sector regulators, agencies like State, Commerce, Transportation, OMB, IRS/Treasury, DHS, and DOE touch privacy. OMB interprets the Privacy Act of 1974, and the DOJ is the sole federal agency for criminal enforcement.

Department of State (DOS) - negotiates privacy internationally (UN, OECD)
DOC - leads federal privacy policy and has administered EU-U.S. data-flow agreements
Department of Transportation (DOT) - oversees transport companies; the FAA handles drones and NHTSA handles connected cars
OMB - lead interpreter of the Privacy Act of 1974 and issuer of privacy/security guidance
IRS / Treasury - tax-record privacy; FinCEN handles money-laundering rules
DHS - E-Verify, TSA air-traveler records, ICE immigration and border issues
Department of Energy (DOE) - Smart Grid privacy

Two facts to lock in

The OMB interprets the Privacy Act of 1974 (which covers federal agencies and their contractors), and the DOJ is the sole federal agency that brings criminal enforcement actions. Some statutes like HIPAA allow both civil and criminal enforcement, with defined roles for HHS and the DOJ.

Key terms - quick answers

What is “OMB”?

The President's Office of Management and Budget, the lead agency for interpreting the Privacy Act of 1974 and issuing privacy/security guidance to agencies and contractors.

What is “Privacy Act of 1974”?

Federal law applying to federal agencies and their private-sector contractors, interpreted by the OMB.

What is “DOC”?

The U.S. Department of Commerce, which leads federal privacy policy and has administered EU-U.S. data-flow agreements.

What is “DHS”?

The U.S. Department of Homeland Security, which handles privacy issues such as E-Verify, TSA air-traveler records, and ICE immigration matters.

← Federal Privacy Enforcement Outside the FTC The FTC, Section 5, and Jurisdictional Limits →