Despite numerous proposals over the years, there is no one comprehensive federal law that governs data privacy in the U.S. There’s a complex patchwork of sector-specific and medium-specific laws, including laws and regulations that address telecommunications, health information, credit information, financial institutions and marketing. The U.S. has hundreds of sectoral data privacy and data security laws among its states. U.S. state attorneys general oversee data privacy laws governing the collection, storage, safeguarding, disposal and use of personal data collected from their residents, especially regarding data breach notifications and the security of Social Security numbers. Some apply only to governmental entities, while others apply only to private entities, and some apply to both. The most comprehensive state data privacy legislation to date is the California Consumer Privacy Act (CCPA). Signed into law on June 28, 2018, it went into effect on January 1, 2020. The CCPA is cross-sector legislation that introduces important definitions and broad individual consumer rights and imposes substantial duties on entities or persons that collect personal information about or from a California resident.