The wide variety of privacy laws and data protection regulations makes it difficult for companies to know what they can and must do to protect themselves, their employees, their networks, confidential information, and customers. For example, a company’s ability to process, store, transfer, and monitor their employees’ use of confidential information may vary greatly depending upon where the data comes from and where it will be sent. Different countries apply different standards for the collection, processing, and transfer of personal data. As a result, it has become essential for companies operating internationally to understand relevant data protection laws for each jurisdiction in which they operate.
The United States does not have comprehensive privacy and data protection laws. Instead, the United States relies on a mix of legislation, regulation, and self-regulation. The result is a patchwork of federal laws covering some specific categories of personal information ranging from financial records to video rentals to vehicle registration.
Forty-six states, the District of Columbia, Puerto Rico and the U.S. Virgin Islands have enacted legislation requiring notification of security breaches involving personal information. Although each law varies slightly, the breach notification laws generally relate to breaches involving ‘personal information’ which typically involves an individual’s name and sensitive information such as a Social Security number, a driver’s license, credit card, PIN or other information that is likely to be involved in identity theft. Many of the laws impose civil and criminal sanctions for failure to comply.
The laws regulating interception of communication—the wiretapping laws—were originally intended to protect oral communications. These laws now are being applied to situations where individuals are monitoring or recording voice, digital, email, or other electronic communications. These laws may also impact how and when companies can monitor their employees’ use of networks and email. This section provides a convenient overview of the relevant laws in the United States.
This section examines the key privacy and data protection laws for countries in North America, Latin America, Asia Pacific, Europe, and the Middle East. Links are provided to English translations of the key legislation.