R Sheets Cybersecurity

National Data Privacy and Data Security Legislation


Tatyana Bolton
Former Policy Director, Cybersecurity and Emerging Threats
Kathryn Waldron
Former Resident Fellow, Cybersecurity and Emerging Threats


As technology has become increasingly intertwined with every facet of our daily lives, companies hold unprecedented amounts of our personal information. As a result, ensuring data security (keeping this data out of the hands of hackers and other malicious actors) and data privacy (making sure companies do not misuse the data they hold) is more important than ever before.

A number of countries have responded to this need by rolling out or signing onto data security and data privacy laws, such as Europe’s General Data Protection Regulation or Japan’s Act on the Protection of Personal Information. Until now, the United States has allowed each state to determine their own data security and data privacy laws, resulting in a variety of different standards. This lack of a uniform national standard makes it difficult for both companies and customers to know how they can use data, what data needs to be protected and who is liable in the case of a breach.


More Data Privacy Policy