The International Comparative Legal Guide on Data Protection covers relevant legislation and competent authorities, definitions, territorial scope, key principles, individual rights and other legal issues relating to data protection in 36 global jurisdictions. Data privacy partner Deborah Thoren-Peden and senior counsel Catherine Meyer authored Chapter 38 of the 2018 ICLG Data Protection Guide, which focuses on the United States jurisdiction.

What is the principal data protection legislation?

The protection of data of U.S. residents is regulated by laws enacted on both the national and the state level. There is no single principal data protection legislation. Federal statures are primarily aimed at specific sectors, as described more fully below, while state statutes are more focused on protecting the privacy rights of individual consumers. The right to privacy is a common law right that has been incorporated into the state constitutions of many states and into the laws at both the state and federal level. Laws protecting data and consumer privacy are based on the principle that an individual has an expectation of privacy unless that expectation has been diminished or eliminated by agreement, statute or disclosure. Data protection and privacy statutes in the U.S. are enacted to protect the individuals residing in the U.S. or one of its states. Federal laws apply to protect residents of all states. State laws are designed to protect their residents.

Is there any other general legislation that impacts data protection?

Most states have adopted laws protecting the personally identifiable information of their residents. These laws apply to the information about a resident of the particular state and require businesses to comply with the state’s laws if the business collects, holds, transfers or processes information about a state resident, even if the business does not have a physical presence or business operation in the state.

The type of information protected varies depending on the statute. Some statutes apply to any information that relates to an identifiable individual while some apply to a more limited set of personally identifiable information—an individual’s name together with a data element such as a Social Security Number, driver’s license number, financial account number, and medical or health information. A growing number of states include protection of biometric data under these laws.

Read the remainder of this chapter on the ICLG website or by downloading the PDF .