Data law

Data law

by John Bandler

Data law is law about data, such as data breach notification laws, cybersecurity laws, and privacy laws.

It is the newest part of cyberlaw, it is laws enacted specifically to protect data, mostly consumer data.

Terms mean different things to different people, this is what data law means to me.

I wrote a book on cyberlaw, and it includes chapters on data law.

Data law in a minute

Data law is the merging of two words, "data" and "law".

It is the law around data, mostly meaning consumer data (data about us). Data law is the portion of cyberlaw created specifically to deal with our newer issues with data, to include laws for:

• Secure data disposal
• Data breach notification
• Cybersecurity
• Privacy.

In my book on cyberlaw, I have several chapters devoted to these aspects of data law. It starts with a simple overview of data law (sort of like this article), then addresses each in turn, then dives deeper into some of the specific data laws. This website has free companion resources to each chapter (links below).

What is law?

Law is a system of rules put forth by the government. It includes the federal and state constitutions, statutes that are created through the legislative process, regulations but forth through the regulatory process, and decisions by judges (precedent) that interpret the laws.

I have other articles just on Law and Rules (links at bottom).

What is cyberlaw? (It includes data law)

Cyberlaw is the area of law dealing with digital things, computers, data, networks, the internet. It encompasses data law.

There are two analogies I use to visualize cyberlaw with respect to other areas of law:

• Cyberlaw is built on a foundation of traditional law
• Cyberlaw is a subset of all law.

Notably, almost everything in life to day is related to "cyber", and that means almost everything relates to cyberlaw in some way.

Why data law?

Existing laws and statutes were not sufficient to deal with all the issues we now encounter with cyberspace. Commercial monetization of consumer data and cybercrime mean that consumers need new laws to protect their privacy. So these new data laws were created, laws regarding:

• Secure data disposal
• Data breach notification
• Cybersecurity
• Privacy.

Further, some of these areas of data law are subsets of the other. For example, most cybersecurity laws will have a secure data disposal component within them. And most privacy laws will includes components of data breach notification and cybersecurity.

There is more to know about data law

I cover data law in part 6 of my book on cyberlaw, and a lot more. Before we get there, we cover traditional law and how it applies to cyberspace.

I also have lots of free resources on data law on my site starting with my Cyberlaw book resources page.

You can also hear me talk through some main points in my online course, Cyberlaw course on Udemy.

I created a short YouTube video on data law also (video embedded below).

Conclusion

Data law is the newest part of cyberlaw, I cover it in Part 6 of my book on Cyberlaw, with about six chapters.

This article is (of course) not tailored to your circumstances, nor is it legal or consulting advice.

Additional resources

• • Cyberlaw Book
  • Cyberlaw Book Resources
  • My cyberlaw course at Udemy
  • Cyberlaw
  • Cyberlaw things to know
  • Data law: a part of cyberlaw we all should know about (my article for Reuters, hosted here)
  • Law
  • Cybercrime
  • Introduction to Cybersecurity and Information Security
  • Policies and Procedures book (which includes cybersecurity and dealing with data laws)
  • What is Data Law (in ten minutes), my video on YouTube (also embedded below)

This article is hosted at https://johnbandler.com/data-law, copyright John Bandler, all rights reserved.

Originally posted 11/23/2024, updated 11/22/2025.