In October 2021, Mark Zuckerberg appeared before a Congressional committee to answer questions about some privacy policy issues related to his company, Facebook. Incidentally, it was not Zuckerberg’s first time appearing before Congress. In 2018, the billionaire CEO sat for two days and answered over 600 questions from Congress regarding Facebook’s perceived mishandling of its customers’ data.

Facebook is not the only company to come under scrutiny for the way it handles people’s data. Although the internet and tech world have been considered open space, the ethics we hold regarding right and wrong still seem to apply. The fact that companies like Facebook have been perceived to mishandle sensitive information implies that there is a correct way for companies to do it. And so, in the wake and on the shoulders of Facebook’s worldwide scandal, the world began to consider the benefits of codifying these best practices into law.

Currently, there are more than 70 countries that have instigated laws on a national level regarding cybersecurity including countries like China and Canada. There are also multinational conglomerates, such as the European Union and a similar body in Africa, that have instigated laws regarding cybersecurity. In the United States, however, there are only a few cybersecurity laws, such as the Health Insurance Portability and Accountability Act (commonly known as HIPAA) and the Cyber Security Information Sharing Act, and virtually no data privacy laws at the federal level.

Because of the way property is conceptualized in the United States (based on theConstitution’s fourth amendment), lawmakers and lawyers have felt somewhat bound in terms of what data can or cannot be protected. As such, there is little regulation of data privacy on the federal level. However, the general consensus is that lawmakers are closely monitoring the EU’s experiment in sweeping data privacy laws. If that experiment goes well, the United States will likely follow suit.

Instead of data privacy laws (and, to a lesser extent, cybersecurity laws) being rolled out on a national level, the responsibility has fallen on the states. California was the first state to enact such a law, penning the California Consumer Privacy Act in 2018, which was enacted in 2020.Utah, one of the country’s centers for tech innovation and business, was one of the first states to protect data privacy and has passed multiple pieces of legislation since then. In 2021, 45 states considered bills which involved data privacy or cybersecurity, and 35 of those states passed at least one of those bills.

As the data privacy and cybersecurity laws boom, you need a competent, qualified team of experienced professionals to help you make sense of pertinent legislation. Such a team will determine if you have any duties and will help you implement any legal actions that may be required. At Sumsion Business Law, we have experience protecting businesses against cybersecurity lawsuits and in representing businesses when cybersecurity issues arise.