Law: Please note this State does not have a general privacy law in effect, you can visit USA State Law Tracker to monitor the progress of US State bills.

Regulator: Guam Office of the Attorney General ('AG')

Summary: Guam has not enacted comprehensive data privacy legislation. However, like other states and territories in the US it has enacted a data breach law through §48-10 of Chapter 48 of Title 9 of the Guam Code Annotated ('the Data Breach Law'). Notably, the Data Breach Law only apples to electronic data and is not applicable to encrypted or redacted data. Furthermore, good-faith acquisitions of personal information by employees or agents are also excluded and notification is only required to individuals. Moreover, individuals and entities may be liable for civil penalties for violation not exceeding $150,000 per breach or series of breaches uncovered in a single investigation. There are currently no pending data protection laws in the Guam legislature and, as such, privacy protections are largely provided through US federal privacy laws.