In addition to the above legislation, a couple of other acts restrict how private companies, particularly financial institutions, can disclose private information. Passed in 1970, the Fair Credit Reporting Act (FCRA) was one of the first federal laws to regulate how the private sector uses and discloses personal information. Under the act, consumer reports can be used only for specific purposes, such as determining eligibility for credit or background checks for employment. Consumer reporting agencies must provide individuals access to their records and investigate and address any mistakes that individuals find in their reports. Additionally, the Act requires that organizations contact an individual before taking adverse action based on information in his or her credit report (Solove and Hoofnagle 2006). Under the Gramm-Leach-Bliley Act (1999), financial institutions are required to initially and annually provide consumers with a privacy notice detailing the types of information they collect about the consumer; how the information is shared, used, and protected; and what rights the consumer has to opt out.8
8 “Gramm-Leach-Bliley Act,” Public Law 106-102, Nov. 12, 1999. Available at [http://www.gpo.gov/fdsys/ pkg/PLAW-106publ102/pdf/PLAW-106publ102.pdf]. Accessed June 3, 2014.