The U.S. has in place many laws related to information security, computer security, and Internet use. Many of these laws relate to information governance, accountability, and commercial liability. In addition, the issue of personal privacy is addressed in many of the laws that relate to specific industries, sectors, and types of information. Write a 1- to 2-page paper using Microsoft® Word that answers the following questions: Use APA citation formatting in all work submitted. Follow rules of grammar and usage, including spelling and punctuation.

Title: Information Security Laws in the United States: Governing, Accountability, Liability, and Privacy


Information security, computer security, and Internet use are of utmost importance in the contemporary digital age. To regulate and protect these domains, the United States has established numerous laws aiming to ensure information governance, accountability, and commercial liability. Furthermore, personal privacy is a paramount concern, and many laws address this issue within specific industries, sectors, and types of information. This paper aims to provide a comprehensive overview of the information security laws in the United States, emphasizing their implications for governance, accountability, liability, and privacy.

Information Governance:

Information governance refers to the establishment of rules, procedures, and policies to ensure the effective and secure management of information. In the United States, various laws contribute to the framework of information governance. One such law is the Health Insurance Portability and Accountability Act (HIPAA) of 1996. HIPAA sets guidelines and standards for the protection of individuals’ health information and establishes penalties for non-compliance. It focuses on the healthcare industry, obligating covered entities to implement security measures to safeguard sensitive patient data.

Additionally, the Gramm-Leach-Bliley Act (GLBA) of 1999 addresses the financial services sector, imposing requirements on financial institutions to protect consumers’ non-public personal information. The GLBA aims to enhance privacy and operational security by requiring institutions to develop and maintain comprehensive data protection programs.


The issue of accountability is essential in information security, as it holds individuals and organizations responsible for their actions and facilitates trust-building. The Federal Information Security Modernization Act (FISMA) of 2014 strengthens accountability measures by requiring federal agencies to establish and maintain robust information security programs. FISMA includes assessment, risk management, and continuous monitoring processes to ensure the effectiveness of security controls.


Commercial liability plays a critical role in ensuring that organizations prioritize information security. The California Consumer Privacy Act (CCPA), enacted in 2018, exemplifies liability-focused legislation. The CCPA grants California residents the right to know what personal information is collected about them, to opt out of its sale, and to request its deletion. It additionally allows residents to sue companies that fail to implement reasonable security measures, thereby promoting accountability and imposing potential financial consequences.


The protection of personal privacy is an essential aspect of information security laws in the United States. The European Union General Data Protection Regulation (GDPR) has influenced U.S. privacy laws, such as the California Consumer Privacy Act (CCPA), which was mentioned earlier. Additionally, the Children’s Online Privacy Protection Act (COPPA) of 1998 focuses on protecting the online privacy of children under the age of 13. COPPA requires websites and online services directed to children to obtain parental consent before collecting, using, or disclosing personal information.

In conclusion, the United States has enacted various laws to ensure information security, govern information handling, promote accountability, address liability concerns, and protect personal privacy. Laws such as HIPAA and GLBA contribute to information governance, while FISMA strengthens accountability measures. Legislation like the CCPA emphasizes commercial liability, while COPPA safeguards children’s online privacy. These laws collectively create a comprehensive framework to govern information security practices effectively in the United States. It is essential for organizations and individuals to understand and comply with these laws to safeguard information and promote cybersecurity.