Certified Cloud Security Professional (CCSP) — Question 369

Which of the following jurisdictions lacks a comprehensive national policy on data privacy and the protection of personally identifiable information (PII)?

Answer options

• A. European Union
• B. Asian-Pacific Economic Cooperation
• C. United States
• D. Russia

Correct answer: C

Explanation

The United States lacks a comprehensive national policy on data privacy, relying instead on a patchwork of state laws and sector-specific regulations. In contrast, the European Union has established the General Data Protection Regulation (GDPR) to protect PII. Similarly, both the Asian-Pacific Economic Cooperation and Russia have frameworks that address data privacy more comprehensively than the U.S.