Support Centre

District of Columbia


Law: Please note this State does not have a general privacy law in effect, you can visit US State Law Tracker to monitor the progress of US State bills

Regulator: The Office of the Attorney General for the District of Columbia ('AG')

Summary: Although the District of Columbia ('DC') does not currently have a general privacy act, the State has references to privacy through the Constitution for the State of New Columbia and the common law tort for the invasion of privacy, which has been long recognised by DC courts.

The process through which bills become laws is unique in DC. The Mayor of the Government of the District of Columbia can either sign the legislation, allow it to become effective without signature or disapprove the legislation. If the latter is the result, the bill will undergo Congressional Review by the U.S. House of Representatives and the U.S. Senate before becoming an official law, as was the case with DC breach law. DC's breach notification law, through the Security Breach Protection Amendment Act of 2019 ('the Act'), entered into effect on 10 April 2020 following its publication in the DC Register, and is due to be projected as an official law on 8 June 2020. Specifically, the Act amends the current breach notification law by, among other things, protecting a broader range of personal information and establishing various security requirements for companies handling personal information.