The recent controversy surrounding how third parties protect the privacy of individuals in the digital age has raised national concerns over legal protections of Americans’ electronic data. The current legislative paradigms governing cybersecurity and data privacy are complex and technical, and lack uniformity at the federal level. This In Focus provides an introduction to data protection laws and an overview of considerations for Congress. (For a more detailed analysis, see CRS Report R45631, Data Protection Law: An Overview, by Stephen P. Mulligan, Wilson C. Freeman, and Chris D. Linebaugh).
*Defining Data Protection *
As a legislative concept, data protection melds the fields of data privacy (i.e., how to control the collection, use, and dissemination of personal information) and data security (i.e., how to (1) protect personal information from unauthorized access or use and (2) respond to such unauthorized access or use). Historically, many laws addressed these issues separately, but more recent data protection initiatives indicate a trend toward combining data privacy and security into unified legislative schemes.