Data & Privacy

Generally, yes — the police can access stored emails without a warrant under certain conditions, depending on how long the emails have been stored and where they’re held, as outlined in the Stored Communications Act.

Yes, it is illegal under federal law for someone to wiretap your phone conversations without your consent or a court order.

Generally, yes—police can track your cell phone location without a warrant in some circumstances, but real-time tracking often requires a warrant under current federal law and Supreme Court precedent.

Yes, text messages stored by a service provider are generally protected under the Stored Communications Act (SCA), which prohibits unauthorized access to stored electronic communications.

Yes, the NSA has collected phone call metadata in bulk under certain authorities, but the bulk collection program authorized by Section 215 of the USA PATRIOT Act ended in 2015; current collection requires specific selection terms and court approval.

The Children's Online Privacy Protection Act (COPPA) requires websites and online services directed to children under 13 to obtain verifiable parental consent before collecting, using, or disclosing their personal information.

No, a website cannot collect personal information from children under 13 without verifiable parental consent under U.S. federal law.

Yes, COPPA applies to apps and games directed to children under 13 that collect personal information online.

Generally, no—your doctor cannot share your medical records without your consent, except in specific situations allowed by federal law like treatment, payment, or healthcare operations.

Under HIPAA, you have the legal right to inspect and obtain a copy of your protected health information held by covered entities, with limited exceptions and within specific timeframes.

No, you cannot sue a hospital directly under HIPAA for unauthorized disclosure of your medical information—HIPAA does not create a private right of action for individuals.

The Freedom of Information Act (FOIA) allows federal agencies to withhold information under nine specific exemptions, including national security, internal agency rules, confidential business information, and personal privacy.

Yes, any person can request records from a federal agency under the Freedom of Information Act (FOIA), and agencies must respond within 20 business days.

No, federal agencies generally cannot maintain secret files about you—they must disclose their record systems, let you access and correct your records, and follow strict rules on collection and use.

Generally, no—the Privacy Act of 1974 prohibits federal agencies from sharing your personal information with other agencies without your written consent, unless an exception applies.

Yes, under the Privacy Act of 1974, you have the right to request correction of inaccurate, irrelevant, untimely, or incomplete records held by federal agencies about you.

The federal government must protect personal data it collects from individuals by following strict privacy safeguards under the Privacy Act of 1974, including limiting disclosure and ensuring accuracy.

Yes, but only under strict legal conditions — law enforcement generally needs a warrant, subpoena, or court order to obtain your private messages from a social media company.

Yes, your employer generally can read your private emails on the company server, because federal law permits monitoring of communications on employer-owned systems when there's a legitimate business purpose and you have no reasonable expectation of privacy.

Under federal law, it is legal to record a phone call if at least one party to the conversation consents — meaning you can record your own call without telling the other person.

Yes, a data breach victim may sue under the federal Stored Communications Act (SCA) if the breach involved unauthorized access to stored electronic communications and the plaintiff suffered damages.

Illegally intercepting electronic communications is a federal felony punishable by up to 5 years in prison, fines, and civil liability. Repeat offenses or interceptions for commercial advantage carry harsher penalties.

HIPAA does not apply to most employers or consumer fitness apps — it only covers covered entities (health plans, providers, and clearinghouses) and their business associates.

Yes, federal law generally allows websites to sell your browsing history to advertisers without your knowledge, because the Electronic Communications Privacy Act does not prohibit this type of data collection or sale when it occurs on a website you voluntarily use.

Yes, under the Privacy Act of 1974, federal agencies generally cannot disclose your personal information to third parties—including for marketing—without your prior written consent.