Introduction to US State Privacy, Security and Other Applicable Laws
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Transcription
00:00
>> It's Chris once again, the privacy gremlin.
00:00
It's my pleasure to welcome you back to the course.
00:00
I am Cybrary's instructor
00:00
for US information privacy course.
00:00
In Lesson 9.1,
00:00
we're going to have a discussion on the Introduction to
00:00
US State privacy security and other applicable laws.
00:00
We have several learning objectives.
00:00
We'll have a brief overview of the impetus
00:00
behind these different data security,
00:00
data privacy, and applicable laws.
00:00
We're going to talk about the role
00:00
of the 10th Amendment and allowing
00:00
the states in the absence of a national law,
00:00
and in the absence that
00:00
these state laws themselves do
00:00
not conflict with existing federal statutes,
00:00
as well as they don't conflict with
00:00
>> the US Constitution.
00:00
>> Then we'll have a brief discussion
00:00
on the Commerce Clause.
00:00
Let's talk about
00:00
these various US state privacy and security laws.
00:00
Now, as I've mentioned throughout the course,
00:00
unlike other countries across the globe,
00:00
the US is yet to enact
00:00
one law that define for
00:00
the states businesses operating in the United States,
00:00
information privacy, data protection, data security.
00:00
What the states have done is
00:00
>> they have passed these laws.
00:00
>> California in 2004 passed
00:00
the country's first data breach notification law.
00:00
Since then the other states have done so.
00:00
Now we have these hodgepodge of laws
00:00
somewhat similar, but also different.
00:00
We have 50 different
00:00
state data breach notification laws,
00:00
so include those of
00:00
the US territories and the District of Columbia.
00:00
We have at least 25 different data destruction loss,
00:00
and at least 25 or more data privacy laws.
00:00
We also have states like California that have looked
00:00
abroad to the European Union
00:00
in other jurisdictions and pass omnibus
00:00
like laws like the California Consumer Privacy Act.
00:00
Other states have followed suit.
00:00
Now, as I've mentioned previously,
00:00
it's the 10th Amendment that says
00:00
that these states themselves,
00:00
in the absence of a national law,
00:00
we have no law that governs
00:00
identity theft and identity for our protections.
00:00
These states, the territories
00:00
and the District of Columbia pass laws,
00:00
protect their residents from
00:00
>> instances of identity theft,
00:00
>> identity fraud, harm caused
00:00
by data breaches, and not the light.
00:00
When we look at laws like
00:00
the California Consumer Privacy Act,
00:00
when the Congress does
00:00
enact that national information privacy law,
00:00
one of the things that it's going out
00:00
>> to consider is does
00:00
>> that law serve as the ceiling or
00:00
the floor for state laws?
00:00
When we talk about preemption,
00:00
preemption is the ability of
00:00
a superior government to
00:00
supersede the laws of an inferior government.
00:00
What am I talking about in plain speak?
00:00
We're talking about the ability of
00:00
the federal government to
00:00
supersede the laws of the state governments.
00:00
We define that as preemption.
00:00
There are cases when you have
00:00
federal laws that do preempt stricter state laws,
00:00
but we also have laws that
00:00
>> do not preempt state laws like
00:00
>> the Electronic Communications Privacy Act of 1986,
00:00
as complement the stored Communications Act.
00:00
In most cases, the Health Insurance Portability and
00:00
Accountability Act of 1996 as amended,
00:00
or the Gramm-Leach-Bliley Act of 1999,
00:00
do not preempt stricter state laws.
00:00
Now on the cases have security,
00:00
some state laws may say that if you have to comply with
00:00
the provisions of HIPAA security requirements
00:00
stated in the security rule,
00:00
or those are
00:00
the Gramm-Leach-Bliley Act safeguards
00:00
rules security requirements,
00:00
then you will follow those laws themselves.
00:00
Now, I briefly want to talk about the commerce clause,
00:00
which I think is important,
00:00
especially when we talking laws that are passed
00:00
that govern commerce, intrastate, and interstate.
00:00
Now what do I mean?
00:00
I mean, if we're talking about those laws that
00:00
impact one or more states interstate than again,
00:00
those powers are reserved at the federal level.
00:00
But when we talk about intrastate commerce,
00:00
in most case those states themselves can pass
00:00
laws that impact commerce within its borders.
00:00
What does the commerce clause say?
00:00
Now it gives Congress the power
00:00
>> to regulate commerce with
00:00
>> foreign nations and among
00:00
the several states and with the Indian tribes.
00:00
It also gives Congress
00:00
the power to regulate interstate commerce.
00:00
Question 1 asks,
00:00
the US Constitution's 10th Amendment states what?
00:00
The appropriate answer is A, my apologies.
00:00
Question 2 states the commerce clause does what?
00:00
The appropriate answers are A and B.
00:00
Question 3 asks,
00:00
how many US states have
00:00
enacted data privacy protection laws?
00:00
The appropriate answer is D. As we said when we
00:00
talked more broadly about
00:00
these laws passed at the state level,
00:00
every state, the US Virgin Islands, Guam,
00:00
and Puerto Rico have
00:00
their own data breach
00:00
notification laws as well as the District of Columbia.
00:00
We also said now we're seeing states
00:00
provide or enact more comprehensive laws like
00:00
those that we would see that looked like
00:00
the European Union's General
00:00
>> Data Protection Regulation.
00:00
>> States like California, Nevada,
00:00
Maine, and others are passing more comprehensive laws.
00:00
We should expect that more states
00:00
will do that can protect their residents,
00:00
their consumer privacy rights until
00:00
the United States passes that one national privacy law.
00:00
We've seen bills introduced on the heel,
00:00
but I doubt that any of those laws would be enacted
00:00
during this period of time
00:00
when we had the general elections.
00:00
Question 4 asks,
00:00
how many states in Puerto Rico have
00:00
enacted data disposal laws or destruction laws?
00:00
The appropriate answer is B.
00:00
Let's talk about it in summary.
00:00
We do know that the US does not have
00:00
that one omnibus or comprehensive data privacy law.
00:00
For that reason, some states
00:00
have passed their own data security,
00:00
data privacy laws and other laws.
00:00
We talked about the 10th Amendment that provides
00:00
powers not delegated to
00:00
the United States by the Constitution,
00:00
nor prohibited by the states,
00:00
that the states themselves can pass
00:00
laws that's why we have laws that
00:00
are passed like states by
00:00
California to forestall the impact
00:00
of identity theft and identity fraud on its residents.
00:00
We also talked about the commerce clause.
00:00
It reserves certain powers to Congress
00:00
that allows it to regulate interstate commerce.
00:00
It also provides the states with
00:00
>> the ability to regulate,
00:00
>> in most cases, intrastate commerce.
Up Next
Similar Content
