Sage Journals: Discover world-class research

Abstract

The last several years have seen an astronomical acceleration in data collection, storage, and transfer, driven by the rise of connected and smart technologies. However, this increase in automated and connected infrastructure has brought with it a host of unprecedented risks in the cyber world, exposing personal data and information systems to cybercrime worldwide. Although efforts have been made to address these issues, federal data security measures for critical infrastructure sectors have been slow to emerge. Recognizing this gap and the massive amounts of data being collected from individuals every day, some states have begun enacting generally applicable data privacy protocols. However, state regulations governing data security are jurisdictionally limited, unsynchronized, and inconsistent in scope. This paper aims to provide an overview of current data security regulations across all 50 state jurisdictions, with a focus on key points of interest in the transportation industry, for both industry stakeholders and policymakers. While not exhaustive with respect to consumer data privacy laws, this survey addresses some of the most pressing compliance issues for data managers in both public and private settings.

Keywords

cybersecurity technology and data governance policy and organization legal resources big data

Get full access to this article

View all access options for this article.

References

U.S. Government Accountability Office (USGAO). Vehicle Data Privacy: Industry and Federal Efforts Under Way, but NHTSA Needs to Define Its Role. GAO-17-656. 2017.

United States Department of Transportation. Automated Vehicles. 2021. https://www.transportation.gov/sites/dot.gov/files/2021-01/USDOT_AVCP.pdf. Accessed 25 January 2024.

McKinsey & Company. Monetizing Car Data: New Service Business Opportunities to Create New Customer Benefits. 2016. https://www.mckinsey.com/industries/automotive-and-assembly/our-insights/monetizing-car-data#/. Accessed 25 January 2024.

Grzadkowska

. Transportation is Now the Third Most Vulnerable Sector Exposed to Cyber Attacks. Insurance Business. https://www.insurancebusinessmag.2018.com/us/news/cyber/transportation-is-now-the-third-most-vulnerable-sector-exposed-to-cyberattacks-106900.aspx. Accessed 25 January 2024.

Tonn

Kesan

Zhang

Czajkowski

Cyber Risk and Insurance for Transportation Infrastructure. Transport Policy, Vol. 79, 2019, pp. 103–114.

CyberTalk. Ransomware Attacks on the Transportation Industry. CheckPoint Solutions, Vol. 1. 2021. Accessed 25 January 2024.

United States Department of Homeland Security. TSA Issues New Cybersecurity Requirements for Passenger and Freight Railroad Carriers. National Press Release. 2022.

Chowdhury

Karmakar

Kamruzzaman

Jolfaei

Das

Attacks on Self-Driving Cars and Their Countermeasures: A Survey IEEE Access, Vol. 8, 2020, p. 207308-207342.

Fries

Gahrooei

Chowdhury

Conway

Meeting Privacy Challenges While Advancing Intelligent Transportation Systems. Transportation Research Part C, Vol. 25, 2012, pp. 34–45.

10.

Leal-Arcas

Lasniewska

Proedrou

Smart Grids in the European Union: Assessing Energy Security, Regulation & Social and Ethical Considerations. Columbia Journal of European Law, Vol. 24, 2018, pp. 291–389.

11.

Desai

Roberson

Serafino

Cyber Incident Reporting Requirements for Critical Infrastructure Sectors Signed into Law. Holland & Knight Alert. 2022, pp. 1–13. https://www.hklaw.com/en/insights/publications/2022/03/cyber-incident-reporting-requirements-for-critical-infrastructure. Accessed 25 January 2024.

12.

Solow-Niederman

. Beyond the Privacy Torts: Reinvigorating a Common Law Approach for Data Breaches. Yale Law Journal Forum, Vol. 127, 2018, p. 614.

13.

Perkins Coie. Security Breach Notification Chart. https://perkinscoie.com/sites/default/files/2024-08/Security-Breach-Notification-Law-Chart-September-2023.pdf. Accessed 25 January 2024.

14.

Crowell & Moring, LPP. Privacy and Cybersecurity Outlook: The 2024 Landscape 2024. https://www.crowell.com/en/insights/publications/privacy-and-cybersecurity-outlook-the-2024-landscape. Accessed 25 January 2024.

15.

Electronic Privacy Information Center (EPIC). State Consumer Data Security Policy. 2024. https://epic.org/state-consumer-data-security-policy/. Accessed 25 January 2024.

16.

Code of Delaware, Title 6, § 12B-100.

17.

Massachusetts Annotated Laws, Chapter 93H, § 2(a); 201 Code of Massachusetts Regulations 17.03(1).

18.

Nevada Revised Statutes Annotated, § 603A.210(3).

19.

Virginia Code Annotated, § 59.1-575 et seq.

20.

Colorado Revised Statutes, § 6-1-1301 et seq.

21.

Georgia Code Annotated § 16-11-70(b).

22.

Oregon Revised Statutes Annotated § 802.181(5).

23.

South Carolina Code Annotated § 37-20-180(A)(6).

24.

Ohio Revised Code Annotated § 2913.49(B).

25.

Washington Revised Code Annotated § 19.255.010(1).

26.

New York General Business Law § 899-aa, et seq.

27.

Mississippi Code Annotated § 75-24-29(2)(b)(iv) and (3).

28.

Mississippi Code Annotated § 75-24-29(3).

29.

Idaho Code § 28-51-105(1).

30.

Arkansas Code Annotated § 4-110-105(b)(2).

31.

Pennsylvania Statutes Annotated Chapter 73 § 2305.

32.

North Carolina General Statutes § 75-65.

33.

Florida Information Protection Act. Florida Statutes § 501.171.

34.

The White House. National Security Memorandum on Critical Infrastructure Security and Resilience. 2024. https://www.whitehouse.gov/briefing-room/presidential-actions/2024/04/30/national-security-memorandum-on-critical-infrastructure-security-and-resilience/. Accessed 14 December 2024.

Data Security and Privacy Regulation in the U.S.A: A 50-State Legislative Survey

Abstract

Keywords

Get full access to this article

References