I. An Overview of the Statutory Law Bearing on Data Breach1

In a world where people’s lives are played out increasingly on line -- and their personal information is stored in far-flung electronic locations -- lawmakers in the United States have until recently largely focused their response on safeguarding the privacy and security of individuals’ electronic data. The result is an array of overlapping statutes intended to protect personal information summarized below.

A. Federal Data Privacy Statutory Framework (see Exhibit A)

On the federal side, Congress has chosen to regulate data privacy and security by dividing the landscape by subject matter. For example, realms such as individuals’ financial or health information, computers and personal communications are each separately protected by stand-alone federal statutes. Layered over these core protections are a number of more narrowly focused statutes which round out individual protections. The following is a brief overview of the statutes enacted in each protected niche.