United States: Cybersecurity

Regulation of cybersecurity in the United States is fragmented, with requirements varying based on the nature of a company’s business, location or customer base. At the federal level, a complex web of agencies oversee a patchwork of cybersecurity rules and requirements for companies doing business in the United States. At the state level, all of the states have data breach notification laws and a slight majority of states also have affirmative cybersecurity and data security regulations, with a mix of enforcement bodies.