The data protection landscape of the United States is comprised of a patchwork of federal and state laws and regulations. As there is no general federal legislation, which regulates the collection and use of personal data, the federal data protection laws address specific industries and sectors, like financial services and healthcare, or focus on particular types of data.
CCPA, HIPAA, PCI DSS, GLBA, SOX, NIST SP 800-171
Lately a broadening list of states, including California, New York, Nevada, Oregon, Texas and Washington, have started developing and enacting privacy bills; however the discrepancies between the bills could lead to a jumble of different state-level privacy legislations with slightly different specifications and requirements. Although the US was strongly in favor of self-regulation, the possibility of a federal data protection law that would harmonize data protection nationwide is gaining momentum.
