Digital Privacy and Security Resources

1/10/2020

Introduction

data privacySecurity and privacy issues are a growing concern, especially as the internet and new technologies have made personal information more accessible and easier to collect, access and repurpose or manipulate. NCSL tracks state legislation and laws in these areas, with a particular focus on digital or electronic privacy issues. These resources are categorized in the following way:

  • Privacy: Controlling who has access to personal information. For example, laws requiring organizations to keep personal information confidential, to allow consumers to opt out of data collection or otherwise control the sharing of their information and to keep children's information private. This category also includes some sector-specific requirements, like those related to event data recorders in cars or automated license plate reader information.
  • Data Security and Cybersecurity: Protecting information from unauthorized access. Defending against attacks to various networks, computers and data. Involves system interconnections, internet, funding, staffing, training, policies and operations. This category includes laws and legislation requiring businesses and government to take specific measures to keep data secure and also covers security breach laws and other types of cybersecurity legislation.
  • Computer Crime: Prohibitions against those who hack into systems without authorization and laws against certain practices such as phishing or spreading malware in computers and networks.

Links to NCSL resources are listed below:

Text/HTML

Privacy Resources

50-State Statutory and Legislative Charts

The Internet and new technologies continually raise new policy questions about privacy, and state lawmakers are continuing to address the array of privacy issues arising from online activities. Privacy protections in state constitutions provide a broad overlay of protection for citizens in states with such provisions, but states are addressing specific privacy concerns as well, such as consumer data privacy, online marketing directed to minors, and employee email monitoring, among others. 

Featured NCSL Publications

  • Hands Off the Data, State Legislatures, November/December 2019. California’s new data protection law gives consumers greater control over their information.
  • Podcast: The Latest in Digital Privacy Laws, June 27, 2019. Last year, the California Consumer Privacy Act of 2018 was signed into law, and the landmark bill has become a model for other states when it comes to online consumer privacy. In Utah, the Electronic Information or Data Privacy Act was signed into law this year. The bill gives electronic documents the same legal protection against unwarranted searches as printed documents.
  • LegisBrief: A Higher Profile for Data Privacy, February 2019. Recent developments in Europe and California have focused new attention on the privacy and security of personal information in the U.S.
  • Data Privacy: California Gets Tough, State Legislatures, November/December 2018. The Golden State wields ‘stick’ with tough new regulations. Ohio takes a ‘carrot’ approach.
  • LegisBrief: Location Privacy, November 2016. Today, anyone can purchase location tracking devices that can be worn or attached to a car or other object, and the location information they collect can be monitored from afar on a purchaser’s computer. Some states are enacting laws that require consent to track a person’s geographic location.
  • Smile, the Camera's on You, State Legislatures, November/December 2016. Cameras, ubiquitous in today’s world, catch you while you’re shopping, traveling, banking, eating and doing just about everything else. As with many new technologies, however, there are privacy concerns.
  • LegisBrief: Facial Recognition and Biometrics, November 2015. Biometric technology can be useful in the public sphere to monitor border security, identify criminals, combat terrorism and eliminate identity fraud, among other things. Actions in some states reflect the uncertainty and concern about the potential adverse effects of biometric tracking.
  • LegisBrief: Automated License Plate Readers, February 2015. Automated license plate readers (ALPRs) capture computer-readable images of license plates that allow law enforcement agencies to identify stolen cars or cars driven by people suspected of being involved in other crimes. The ALPR data being collected, however, is growing more quickly than are policies and procedures governing their use, say privacy advocates.
  • LegisBrief: Social Media Privacy Laws, April 2014. Lawmakers began introducing legislation in 2012 to prohibit employers or educational institutions from requiring employees, applicants or students to turn over passwords to social media accounts.
  • App-losion!, State Legislatures, April 2013. Smartphones and apps are proliferating and getting smarter and smarter. Do they know too much?
  • The Private Life of E-Mail, State Legislatures, January 2010. The digital age has complicated the definition of what’s a public document.
  • Right to Know, State Legislatures, December 2008. Most states have laws requiring notification when personal data are stolen. How effective the laws have been, though, is an open question.

Data Security/Cybersecurity Resources

Personal identifying information is often collected by businesses and stored in various formats, both digital and traditional paper. To help combat fraud and identity theft problems, many states have passed laws that require entities to destroy, dispose, or otherwise make personal information unreadable or undecipherable, in order to protect an individual’s privacy.

Security breach laws require business or government to notify individuals if their personal information has been breached.

States also have enacted laws to require government and the private sector to take security measures to protect personal and sensitive information. Security practices, policies and guidelines provide legislators, legislative staff and state government agencies with additional resources. 

50-State Statutory and Legislative Charts

Featured NCSL Publications and Resources

Computer Crime Resources

Computer crime laws encompass a variety of actions that destroy or interfere with normal operation of a computer system. These actions include laws prohibiting unauthorized access or computer trespass; provisions specifically outlawing spyware, malware, phishing, ransomware, denial of service and other types of computer attacks, and identity theft laws.

50-State Statutory and Legislative Charts

Featured NCSL Publications