U.S. and Global Data Protection Laws

The wide variety of privacy laws and data protection regulations makes it difficult for companies to know what they can and must do to protect themselves, their employees, their networks, confidential information, and customers. For example, a company’s ability to process, store, transfer, and monitor its employees’ use of confidential information may vary greatly depending upon where the data comes from and where it will be sent. Different countries apply different standards for the collection, processing, and transfer of personal data. As a result, it has become essential for companies operating internationally to understand relevant data protection laws for each jurisdiction in which they operate.

U.S. Federal Laws and Regulations

The United States does not have comprehensive privacy and data protection laws. Instead, the United States relies on a mix of legislation, regulation, and self-regulation. The result is a patchwork of federal laws covering some specific categories of personal information ranging from financial records to video rentals to vehicle registration.

U.S. State Security Breach Notification Laws

Forty-six states, the District of Columbia, Puerto Rico and the U.S. Virgin Islands have enacted legislation requiring notification of security breaches involving personal information. Although each law varies slightly, the breach notification laws generally relate to breaches involving ‘personal information,’ which typically involves an individual’s name and sensitive information such as a Social Security number, a driver’s license, credit card, PIN or other information that is likely to be involved in identity theft. Many of the laws impose civil and criminal sanctions for failure to comply.

Overview of Laws on Interception of Communications

The laws regulating interception of communication—the wiretapping laws—were originally intended to protect oral communications. These laws now are being applied to situations where individuals are monitoring or recording voice, digital, email, or other electronic communications. These laws may also impact how and when companies can monitor their employees’ use of networks and email. This section provides a convenient overview of the relevant laws in the United States.

International Privacy and Data Protection Laws

This section examines the key privacy and data protection laws for countries in North America, Latin America, Asia Pacific, Europe, and the Middle East. Links are provided to English translations of the key legislation.

Key Points

Growing Number of Laws

  • Almost all U.S. states have enacted breach notification, wiretapping and interception of communications laws
  • More than 60 nations have adopted privacy and data protection laws
  • Many countries have enacted secrecy and confidentiality laws
  • Failure to comply with these laws can result in civil fines, litigation, and criminal convictions

The privacy and data protection laws affect how companies can monitor the use of sensitive personal data

  • The laws of the European Union regulate the life cycle of personal data, from collection to destruction
  • The laws of the European Union and other regions also control a company’s ability to transfer personal data to third countries. These laws can have a major impact on a company’s ability to manage network security