The Federal and State Regulatory Landscape
In the U.S., privacy is regulated at both federal and state level. Federal regulators are largely sectoral (medical, financial, education), the FTC is the lead privacy enforcer, and in the absence of a federal comprehensive privacy law state enforcement takes on added importance.
Privacy in the United States is regulated at both the federal and state level. At the federal level there are numerous regulators whose jurisdictions can overlap, with most dedicated to specific sectors such as medical, financial, and education. The FTC is generally considered the lead privacy enforcer because it can address a wide variety of privacy violations that relate to consumer protection.
At the state level, all 50 states have Unfair and Deceptive Acts and Practices (UDAP statutes) that, despite variation, offer protections similar to those in the FTC Act. As of this writing the U.S. has not enacted a federal comprehensive privacy law, so state privacy enforcement matters more, especially as states pass their own comprehensive privacy laws.
The U.S. uses a sectoral model. There is no single omnibus federal privacy statute - instead, different agencies enforce industry-specific laws, with the FTC filling consumer-protection gaps under Section 5.