US Privacy Resources || US Privacy Rules | US Privacy Laws | US Privacy Regulations
Links to Privacy Laws
US Federal Privacy Laws and US Federal Breach Laws (USA is a member, OECD and has ratified CE ETS 185)
- Children’s Online Privacy Protection Act (COPPA)
- Communications Assistance for Law Enforcement Act (CALEA)
- Depart of Defense Directive 5400.11.R - Privacy Program (May 14, 2007 edition) (PDF)
- Electronic Communications Privacy Act (ECPA)
- Fair Credit Reporting Act (FCRA, PDF)
- As Amended by the Fair and Accurate Credit Transactions Act of 2003 (FACT)
- Federal Trade Commission's Red Flag Rule (PDF) (DELAYED UNTIL NOVEMBER 1st 2009)
- Family Educational Rights and Privacy Act (FERPA, The Buckley Amendment)
- Genetic Information Nondiscrimination Act 2008 (GINA, PDF)
- Gramm-Leach-Bliley Act (GLBA)
- Health Insurance Portability and Accountability Act (HIPAA, PDF)
- HITECH Act (Notice: I could not find it consolidated and called out anywhere, so had to create it myself, PDF)
- HITECH Breach Notification Guidance and Request for Public Comment (From the US Department of Health and Human Services, PDF)
- Federal Trade Commission's Health Breach Notification FINAL Rule (PDF)
- Safe Harbor Guidelines from the US Department of Commerce
Organizations' Privacy Law Models
- American Institute of Certified Public Accountants (AICPA)
- International Association of Privacy Professionals (IAPP)
- National Association of Insurance Commissioners (NAIC, US)
- Model Law of Privacy of Consumer Financial and Health Information Regulation (no link found)
- Online Privacy Alliance
US States' Privacy Laws and US States' Breach Laws
(note: in many States privacy laws include references to mandatory breach disclosure laws. In some, the same law covers both, at least partially)
- Alabama
- None Found
- Alaska
- Arizona
- Arkansas
- Personal Information Protection Act (AR-PIPA)
- Breach Notification Law (Within the above)
- Personal Information Protection Act (AR-PIPA)
- California
- Financial Information Privacy Act (C-FIPA)
- Standards of Private Information Protection
- Confidential of Medical Information Act (including Breach Notification)
- RFID Privacy Law (SB 31, prohibits "skimming")
- Colorado
- Connecticut
- Delaware
- Florida
- Georgia
- Hawaii
- Idaho
- Illinois
- Indiana
- Iowa
- Kansas
- Breach of Privacy
- Protection of Consumer Information Law (Including Breach Notification Law)
- Kentucky
- No Privacy Act
- No Breach Notification Law
- Louisiana
- Database Security Breach Notification Law (select Next Section to see all of the law’s provisions)
- Maine
- Act To Prevent Predatory Marketing Practices against Minors
- Notice of Risk to Personal Data Law (Including Breach Notification Law)
- Maine Public Law 161, modifying Breach Notification Law
- Maryland
- Massachusets
- Breach Notification Law (201 CMR 17:00)
- Note: 93H, often quoted as "the privacy law", only refers to Governmental entities.
- Michigan
- Identity Theft Protection Act (Act 459, Including Breach Notification Law)
- Minnesota
- Mississippi
- No Privacy Act
- No Breach Notification Law
- Missouri
- No Privacy Act
- Breach Notification Law (HB 62)
- Montana
- Breach Notification Law
- Impediment of Identity Theft Law (Including Security Breach)
- Computer Security Breach Law (Included in Above)
- Nebraska
- Breach of Security Law (87-803, Notification Law)
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- No Privacy Act
- No Breach Notification Law
- New York
- North Carolina
- Identity Theft Protection Act (75-2a, including Breach Notification)
- North Dakota
- Ohio
- Oklahoma
- Oregon
- Oregon Consumer Identity Theft Protection Act (Breach Notification)
- Pennsylvania
- Breach of Personal Information Notification Act (SB712, 73.2301)
- Puerto Rico
- Citizen Information on Data Banks Security Act (Chapter 310, section 4051 et seq.)
- Rhode Island
- Identity Theft Protection (including Breach Notification)
- South Carolina
- South Dakota
- No Privacy Act
- No Breach Notification Law
- Tennessee
- Texas
- HB 1262 – Chapter 501
- SB11 (Medical)
- HB 2004 (of 2009) – Security Breach Notification Law
- Note: Texas has a very wide range of laws governing Privacy. Generally, SB11, and now HB2004 are known as the Texas Privacy Laws, even though they both mainly deals in Health Care data.
- Utah
- Vermont
- Protection of Personal Information (Including Breach)
- RFID Privacy Law (HB 691, Act 153, regulating use of RFID in official documents)
- Virginia
- Breach Notification Law (HB 1469 / SB 307)
- Virgin Islands (including Saint Croix, Saint John, Saint Thomas, Water Island)
- Washington
- Personal Information – Notice of Security Breaches 19.255
- RFID Privacy Law (HB 1031)
- RFID Privacy Law 2 (HB 2729 relating to documents)
- Washington DC
- West Virginia
- Wisconsin
- Wyoming
- Consumer Protection Act (SF53, Breach Notification, PDF)
- Other USA Territories
- American Samoa
- Baker Island
- Bajo Nuevo Bank
- Guam
- Howland Island
- Jarvis Island
- Johnston Atoll
- Kingman Reef
- Kwajelein Atoll
- Republic of the Marshall Islands Free Association (See International Page)
- Micronesia Free Association (See International Section, below)
- Midway Atoll
- Navassa Island / La Navase / Lanavazr / Lavash
- Northern Mariana Islands
- Palmyra Atoll
- Republic of Palau Free Association (See International Page)
- Serranilla Bank
- Wake Islands
Thank you for looking at this page of US and States privacy-related laws. For International Privacy Laws, please see this page.




