Well... almost everywhere!

 

Nowadays, almost all jurisdictions around the world have adopted regulations protecting the use of your personal information.

In Europe, Asia and Canada, the comprehensive model is widely implemented. Comprehensive data protection laws are those in which the government has defined requirements throughout the economy, as opposed to the sectoral model, whose rules apply to selected market segments. In the E.U., the GDPR governs the collection, use, and dissemination of personal information in the public and private sectors, non-profit organizations included.

In the U.S., the sectoral model is dominant. The legal framework protects personal information by enacting laws that address a particular industry sector (video rental records, consumer financial transactions, credit records, law enforcement, and medical records, for example). A distinctive feature of the U.S. legal framework is that the States have recently passed several comprehensive data privacy laws (California's CPRA, Colorado's CPA, Connecticut's S.B. 6, Utah's UCPA, and Virginia's CDPA). Other States, such as Nevada, have limited data privacy laws.

Apart from those two models, which mainly refer to national or state laws, the self-regulatory model emphasizes the creation of codes of practice to protect personal information by a company, industry, or independent body. In contrast to the co-regulatory model, there may be no generally applicable data protection law that creates a legal framework for the self-regulatory code. A prominent example that affects the wide range of businesses that process credit card data is the Payment Card Industry Data Security Standard (PCI DSS), which enhances cardholder data security and facilitates the broad adoption of consistent data security measures globally.