“A Basic Breakdown of Jurisdiction in the US Legal System”
The US legal system is complex. There are Federal, State, and local laws and regulations.
Federal Laws and Regulations – (a) MAY apply to all companies operating within the boundaries of the United States, and (b) constitute the main body of regulatory cybersecurity law within the US.
State Laws and Regulations – (a) MAY apply to companies operating within the bounds of a particular State, and (b) constitute a minority of the regulatory cybersecurity laws, BUT (c) constitute the majority of law regarding PERSONAL suits against companies who have had cybersecurity breaches.
BE ADVISED – Just because your company is not located within the borders of the US does not necessarily mean that your company is exempt from these laws and regulations.
Whether a company falls under the jurisdiction of a foreign country is always a complicated question, and requires legal research into the matter on a case by case basis.
Jurisdiction generally – For our purposes there are two types of jurisdiction we should be a little familiar with: (a) personal jurisdiction, and (b) subject matter jurisdiction.
- Personal Jurisdiction – This means that a particular court or enforcement entity has the ability to hear or enforce a case against your company because there is a connection with your company and the US or a particular State within the US.
- Subject Matter Jurisdiction – This means that a particular court or enforcement entity has the ability hear or enforce a case against your company because a government granted it authority to hear and/or enforce the kind of law or regulation your company violated.
Violating a law or regulation can have severe financial consequences for your company, and determining which laws and regulations apply should not be left to guesswork. Digital Edge can assist you in determining which Federal and State laws are applicable to your company.