Actually, there is no federal law that broadly prohibits that, and to my knowledge no state does either. Many Americans seem to think that their personal information is more protected under the law than it actually is. Of course laws that restrict certain kinds of disclosures (e.g. laws that prohibit medical facilities and health insurers from disclosing protected health information, laws that restrict financial institutions from making certain disclosures about customers) would apply to those disclosures being made on the internet just as they would to disclosures in other forms. In some circumstances you might be subject to civil liability for posting information on the internet that you have about someone, but that generally requires that you have a duty in the law to keep that information private in the first place. In a lot of contexts that duty does not exist and in those circumstances you are free to share the information you have. The privacy laws in this country are very much a patchwork of laws that apply in specific circumstances, so it can make it difficult to know what is protected and what is not. If you're not sure whether the disclosure you want to make is protected by some law then the prudent course of action is to not disclose it until you are sure.
Just because an e-mail has a statement like that does not necessarily obligate the recipient to keep the e-mail private. The details of the e-mail and the relationship between the sender and recipient matter. A lot of law firms smack a confidentiality statement on all the e-mails they send as a matter of practice but just because that statement is there may not obligate the recipient to honor that. Those details I mentioned matter.