Mapping the Maze: Making Sense of US Privacy Risk Exposure

Alan Ragueneau
May 28, 2025

Introduction

Privacy-related non-financial risk is growing more complex—and more urgent. As our digital world accelerates, regulations around data protection are multiplying. While Europe took an early lead with the GDPR, the United States is catching up—fast.

With laws now spreading across nearly 20 U.S. states and a tangle of federal norms, business leaders are left asking: Which privacy laws apply to us, and what’s the real financial exposure if we get it wrong?

The Landscape: Fragmented and Deepening

- Digital acceleration (social media, AI, Gen-AI) has drastically increased exposure.
- California led the charge with CCPA, but now ~20 other states are enacting similar laws.
- At the federal level, laws like CAN-SPAM, HIPAA, and COPPA create additional complexity.

This means even basic risk estimation — such as determining a fine — can require navigating multiple overlapping texts, subclauses, and regulatory bodies.

The Problem: A Simple Question, a Complex Answer

Take a federal law like CAN-SPAM. Answering the question “What’s our risk?” involves reviewing:

- 15 U.S.C. § 7706
- 16 CFR Part 316
- 16 CFR § 1.98

Just to identify which penalties apply.
Theoretical risk? $53,088 per violation.
Example: 100,000 non-compliant emails → $5.3 billion theoretical exposure.

But real-world enforcement is often less dramatic. For CAN-SPAM, the biggest fines barely hit seven figures. Other laws, like COPPA, have yielded fines in the hundreds of millions.

The Real Question: Where’s the Risk Actually Coming From?

Knowing which norms bite—and which are just bark—is essential for allocating compliance efforts.

At GlisRisk, we’ve developed a way to model regulatory risk systematically, balancing worst-case scenarios with practical, data-driven exposure estimates.

Conclusion

When it comes to privacy regulation in the U.S., complexity is the norm. But uncertainty doesn’t have to be. We help organizations clarify which laws matter most, how to prioritize resources, and how to turn regulatory exposure into strategic insight.

Want to know your real exposure? Let’s talk.
