Within the United States, privacy laws and regulations are targeted to protect certain types of personally-identifiable information, such as health records, financial information, and student records. Many other countries have enacted laws with much broader scopes of protected information, extending even to names and telephone numbers.
Privacy laws can be triggered:
(a) within each country, with respect to records and information collected, maintained, and stored in the country; and
(b) when information is conveyed from one country to another. A country with relatively strict privacy laws might not permit the transfer of information to a country deemed less protective (including the United States) unless specific permissions are obtained or other approved measures are taken.
In addition, the loss or unauthorized access to protected information may compel disclosure, governmental filings, and other measures within the country.