Requirements for Personal Information Protection: U.S. State Laws (2017)

A study by Virginia Jones, CRM, FAI (2009) [Funded by the Foundation]

Revised by Virginia Jones, CRM, FAI (2017) [Funded by the Foundation]


This paper is the second of a two-part research project, funded by the Foundation, to identify privacy laws that impact records management programs. This paper covers protection of personal privacy information in U.S. state laws.

Although most U.S. federal law pertains only to U.S. federal agencies, a number of the laws also either directly relate to or indirectly impact state and local governments. The paper is not a definitive compilation of all state privacy law. The choice of the 26 privacy issues covered in this document is based on high profile privacy issues from the National Conference of State Legislatures, the National Association of Chief Information Officers, and various news sources. The document does not cover identity theft laws or data security laws unless they are included with privacy of personal information requirements. Some Freedom of Information laws having privacy or confidentiality requirements were also included in this document.