Chapter 7: State Data Breach Notification, Data Security, and Data Destruction Laws

US Approach in Context

The lack of comprehensive federal breach, security, and destruction requirements leads some to call the US less stringent than jurisdictions like Europe. In practice, intense US attention to breaches has often produced more rigorous security programs than elsewhere.

State breach, security, and destruction laws together form an important pillar of US data protection. While the absence of comprehensive federal requirements leads some observers to view the US as less stringent than the EU, the intensive US focus on breaches has frequently driven more rigorous information security programs than in many other jurisdictions.

← State Data Destruction Laws Why Medical Privacy Gets Special Protection →