Information privacy law or data protection laws prohibit the disclosure or misuse of information about private individuals. ... Information collected from an individual cannot be disclosed to other organizations or individuals unless specifically authorized by law or by consent of the individual.  

USA has very little to none data protection... We are behind the world in data protection and how companies use our data. 

Data PRotection

image1 Information privacy law USA

 Data privacy is not highly legislated or regulated in the U.S.[21] In the United States, access to private data contained in, for example, third-party credit reports may be sought when seeking employment or medical care, or making automobile, housing, or other purchases on credit terms. Although partial regulations exist, there is no all-encompassing law regulating the acquisition, storage, or use of personal data in the U.S. In general terms, in the U.S., whoever can be troubled to key in the data, is deemed to own the right to store and use it, even if the data was collected without permission, except to any extent regulated by laws and rules such as the federal Communications Act's provisions, and implementing rules from the Federal Communications Commission, regulating use of customer proprietary network information (CPNI). For instance, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Children's Online Privacy Protection Act of 1998 (COPPA), and the Fair and Accurate Credit Transactions Act of 2003 (FACTA), are all examples of U.S. federal laws with provisions which tend to promote information flow efficiencies. 

The Supreme Court interpreted

 The Supreme Court interpreted the Constitution to grant a right of privacy to individuals in Griswold v. Connecticut. Very few states, however, recognize an individual's right to privacy, a notable exception being California. An inalienable right to privacy is enshrined in the California Constitution's article 1, section 1, and the California legislature has enacted several pieces of legislation aimed at protecting this right. The California Online Privacy Protection Act (OPPA) of 2003 requires operators of commercial web sites or online services that collect personal information on California residents through a web site to conspicuously post a privacy policy on the site and to comply with its policy. 

Safe harbor arrangement

The safe harbor arrangement was developed by the United States Department of Commerce in order to provide a means for U.S. companies to demonstrate compliance with European Commission directives and thus to simplify relations between them and European businesses.

Recently, lawmakers in several states have proposed legislations to change the way online businesses handle user information. Among those generating significant attention are several Do Not Track legislations and the Right to Know Act (California Bill AB 1291). The California Right to Know Act, if passed, would require every business which keeps user information to provide its user a copy of stored information when requested.[23] The bill faced heavy oppositions from trade groups representing companies such as Google, Microsoft, and Facebook, and failed to pass.

On June 28, 2018 California legislature passed AB 375, the California Consumer Privacy Act of 2018, effective January 1, 2020.[25] If the law is not amended before it becomes effective, The California Consumer Privacy Act, AB. 375 — gives California residents an array of new rights, starting with the right to be informed about what kinds of personal data companies have collected and why it was collected.

The Personal Information Protection Act (PIPA) of Maryland

 The Personal Information Protection Act (PIPA), Md. Code Ann. Comm. Law 14-3504​, was enacted to make sure that Maryland consumers' personal identifying information is reasonably protected, and if it is compromised, they are notified so that they can take steps to protect themselves. PIPA contains provisions for notification of consumers in the event of a data security breach and for reasonable security measures to protect consumers' personal identifying information. 

PIPA defines “personal info​rmation" as:

An individual's first and last name in combination with:

  • A Social Security number, an Individual Taxpayer Identification number, a passport number, or other identification number issued by the federal government;
  • A driver's license number or state identification card number;
  • An account number, a credit card number, or a debit card number, in combination with any required security code, access code, or password, that permits access to an individual's financial account;
  • Health information, including information about an individual's mental health;
  • A health insurance policy or certificate number or health insurance subscriber identification number, in combination with a unique identifier used by an insurer or an employer that is self-insured, that permits access to an individual's health information; or
  • Biometric data of an individual generated by automatic measurements of an individual's biological characteristics such as a fingerprint, voice print, genetic print, retina or iris image, or other unique biological characteristic, that can be used to uniquely authenticate the individual's identity when the individual accesses a system or account

Computer security, privacy and criminal law

 The following summarized some of the laws, regulations and directives related to the protection of information systems: