Law: Please note this State does not have a general privacy law in effect, you can visit US State Law Tracker to monitor the progress of US State bills

Regulator: The Office of the Attorney General for the District of Columbia ('AG')

Summary: Although the District of Columbia (DC) does not currently have a general privacy act, the State has references to privacy in the Constitution for the State of New Columbia and the common law tort for the invasion of privacy, which has been long recognized by DC courts.

Furthermore, DC has its own breach notification law under §28–3851 et seq. of Subchapter II of Chapter 38 of Title 28 of the Code of the District of Columbia which requires any person or entity to notify a data breach to any resident whose personal information was included in the breach. The Office of the Attorney General for the District of Columbia (AG) must also be notified if the breach affects 50 or more residents.

It is important to note that the Security Breach Protection Amendment Act of 2020 (the Act), which entered into effect on April 10, 2020, amends the current breach notification law by protecting a broader range of personal information and establishing various security requirements for companies handling personal information.

You can follow legislative developments in the US through the USA State Law Tracker.