Learn more about data security in the US and how you can protect your personal information.
Historically, data protection laws in the US focus on protecting specific types of data in certain industries. Broader legislation often takes place at the state level, only protecting citizens in a localized area. Although efforts have been made to enact comprehensive data protection laws in recent years, it’s important to be mindful of cybersecurity threats. Taking independent measures to enhance your data security is an excellent way to ensure your private data remains private.
Data security refers to the protection of digital assets and information from unauthorized access and misuse. It ranges from securing physical devices and hardware to protecting software applications and their contents. In an organization or business, data security is often approached through cybersecurity policies, procedures, and technologies. On an individual level, users may rely on data security tools or data safety practices. There are subcategories of data security, such as:
Cloud data security. Cloud computing enables users to access data from any device that can connect to the internet. As a result, securing cloud data requires unique processes, tools, and guidelines. Cloud data security is the process of protecting data as it rests (in storage) and travels in and out of the cloud.
Big data security. The term big data refers to data that is large, complex, and varied. It’s often managed by enterprise-level businesses or organizations. The most significant difference between big data security and any other data protection strategy is variety. Data collection sources, devices used to access and store the data, and analytical tools used to output the data may all require different modes of protection.
Last year, over 422 million individuals in the US were impacted by data breaches, leakages, and exposure [1]. Unprotected data in the wrong hands can lead to theft, corruption, financial loss, and damage to reputation and devices. In 2023, the global average cost of a data breach is $4.45 million, a sizable 15 percent increase over the last three years [2]. If a data breach takes place at a company, they may face penalties such as fees, investigations, or costly litigation. On an individual level, data security is essential for preventing cybercrime such as identity theft.
The CIA Triad sets the standard for general information security. It stands for:
Confidentiality, or, protecting sensitive information from unauthorized access.
Integrity, or, ensuring data is complete, trustworthy, and unaltered by unauthorized sources.
Availability, or, the accessibility of data when it’s needed.
Despite the lack of an overarching data security policy, the US does have several privacy regulations that apply to certain data types. For example, The Privacy Act of 1974 dictates the collection and use of personal data by federal agencies. California consumers have the right to demand a company provide them with all information that’s been collected about them under the California Consumer Privacy Act (CCPA).
Read more: Data Privacy in 2023: TikTok, Facebook, and US Laws
The American Data Privacy and Protection Act could serve as a comprehensive, federal data protection law, similar to Europe’s General Data Protection Regulation (GDPR). Although it was approved by the US House of Representatives’ Committee on Energy and Commerce in July 2022, it has since failed to advance to the floors of the House or Senate. Strong support for this legislation has been expressed, but differing opinions on what it needs to include have stymied further progress.
Whether you’re a small business owner, an employee, or an individual, there are many different ways to secure your data. In the sections below, you can learn about the three types of data security safeguards: administrative, physical, and technical. Then, read on to find out how you can employ these safeguards for personal or professional use.
Administrative security solutions. Administrative safeguards are established protocols, policies, and procedures for protecting data. Examples include access management, risk analysis, data security training, and disaster recovery planning.
Physical security. Physical data security strategies include locked cabinets, restricted access areas, and secured locations for physical keys to eliminate the risk of illegal access.
Technical security. Technical safeguards refer to the tools, controls, and security technologies used to protect data. Examples include system configurations that require passwords to be a certain length or software that helps detect unauthorized users.
There are several measures you can take to protect your data that don’t require any purchases or downloads. For example, check your privacy settings on a regular basis. This is an excellent way to ensure you’re not providing companies with more data than you’re comfortable with through the applications and websites you use frequently.
To find out more about a company’s data collection and usage methods, read the privacy policies you’re presented with. They can be lengthy at times, but it’s worth taking a moment to protect your personal information.
In addition to those free options, here are a few products and services to enhance your personal data protection:
Antivirus protection. Antivirus programs are a type of security software that prevents, monitors, and removes malware (malicious code or software) from your device.
Firewall. A firewall can consist of hardware, software, or both. It monitors your network traffic to protect your device from unauthorized parties via the internet.
Virtual private network (VPN). A VPN is a service designed to protect your internet connection and online privacy. VPN services create encrypted “tunnels” for your data to travel through, hiding your IP address and making it safer to use public Wi-Fi.
Privacy screens. A privacy screen is a thin layer of protective glass or film that makes it difficult to view the contents of your screen unless you’re positioned directly in front of it. This method is a great physical data security safeguard for people who often travel or work in public spaces.
Password management. Individuals can protect and track their passwords by using password manager applications or software. They work by storing all your passwords across applications and websites in the same place, behind one master password. The goal is to eliminate other, less secure methods of password management such as writing them down or reusing them.
Multi-factor authentication. Multi-factor authentication (MFA) is a method of data protection that requires users to identify themselves via another device or through biometrics. For example, you might need to type a security code into your laptop that was sent to your mobile device, or use facial recognition in addition to your login credentials.
Data security requirements for businesses can be a bit more complicated, but many of the same security measures apply. For example, remote-based businesses often use a company-wide VPN to ensure their employees can gain digital access securely from anywhere. You can also invest in larger-scale antivirus solutions.
The most significant difference between personal data protection and data protection in corporate environments is administrative. As a business owner, you’ll need to set cybersecurity guidelines and protocols to ensure your processes align with industry standards and compliance regulation. Many companies hire data security management professionals such as information security analysts, security engineers, or InfoSec managers to implement access control measures and other regulatory requirements.
Building your data security skill set is not only crucial for personal protection, but can also be beneficial for your career. Nearly every modern business handles large amounts of data every day. Knowing how to access and manage this data while being mindful of cybersecurity threats is a high-value skill.
You can build a foundational knowledge of cybersecurity in just 12 hours by enrolling in the beginner-friendly online program, Data, Security, and Privacy by the University of California, Irvine. By the end, you’ll learn how to evaluate security risks, manage threats, and protect data while earning a shareable certificate for LinkedIn. Or, learn from an industry expert by earning a Google Cybersecurity Professional Certificate, designed to prepare you for an entry-level job in cybersecurity.
Statista. "Number of data breaches and victims U.S. 2022, https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/#:~:text=In%202022%2C%20the%20number%20of,breaches%2C%20leakage%2C%20and%20exposure.” Accessed September 15, 2023.
IBM. “Cost of a Data Breach Report 2023, https://www.ibm.com/reports/data-breach.” Accessed September 19, 2023.
Editorial Team
Coursera’s editorial team is comprised of highly experienced professional editors, writers, and fact...
This content has been made available for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.