Skip to main content

The average cost of a data breach in the United States is nearly 10 million dollars, the highest of any country in the world. In spite of this, the United States does not have a single comprehensive federal consumer privacy law comparable to the European Union’s General Data Protection Regulation (“GDPR”). Due to the fragmented nature of US Data privacy law, companies face challenges building a cohesive approach to data privacy and compliance amidst many sector specific (e.g. GLBA, TILA, CAN-SPAM, COPPA, ECOA, FDCPA, HIPAA) and state privacy laws. This messy patchwork of regulations differs in its obligations, protections, scope and enforcement capabilities.

In the absence of a comprehensive federal standard, several states such as California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia have passed their own laws. We expect this environment to change because federal legislators have drafted the American Data Privacy and Protection Act (ADPPA), the first comprehensive federal data privacy law.

Learn more about the American Data Privacy & Protection Act here: Jacob Rosner on Medium.


About the Authors

Jacob Rosner is a Manager within DayBlink Consulting’s Cybersecurity Group.