Law: Please note this State does not have a general privacy law in effect, you can visit USA State Law Tracker to monitor the progress of US State bills.

Regulator: Guam Office of the Attorney General ('AG')

Summary: Although there is no comprehensive privacy law enacted in Guam, like other states and territories in the US it has enacted a data breach law through §48-10 of Chapter 48 of Title 9 of the Guam Code Annotated (the Data Breach Law). Notably, the Data Breach Law only applies to electronic data and is not applicable to encrypted or redacted data. Good faith acquisitions of personal information by employees or agents are also excluded and notification is only required to individuals. Moreover, individuals and entities may be liable for civil penalties, not exceeding $150,000 per breach or series of breaches uncovered in a single investigation, for violations of the Data Breach Law. There are currently no pending data protection laws in the Guam legislature and, as such, privacy protections are largely provided through US federal privacy laws.