Last review date: 31 December 2024
Yes. Laws that may require the retention and storage of personal data (including, for example, where such data is part of another type of record or dataset) in the local jurisdiction or otherwise prohibit the transfer or disclosure of personal data outside of the local jurisdiction:
☒ national security laws
☒ anti-investigatory/blocking statutes that restrict any activity on local territory that aids a foreign government investigation
☒ tax or financial record laws
☒ employment laws
☒ export control laws
☒ other
Sector-specific and state regulations may impose obligations to retain data in the US.
Last review date: 31 December 2024
☒ Obligation for public sector organizations to share or make accessible non-personal data
☒ Obligation for private organizations to share or make accessible non-personal health data
☒ Obligation for private organizations to share or make accessible non-personal financial data
☒ Obligation for private organizations to share or make accessible other non-personal data
If so, please provide brief details of the relevant law or regulation.
The Consumer Financial Protection Bureau's (CFPB) open banking rules enhance consumer rights over personal financial data, requiring financial institutions to provide consumer data to authorized third parties in a secure and reliable manner upon the consumer's request and at no cost. Covered data includes "information about transactions, costs, charges, and usage." Compliance will be in phases, with larger institutions needing to comply by 1 April 2026. Smaller covered institutions will have until 1 April 2030 to comply. Certain small banks and credit unions are exempt from these requirements.