Law: There is no general personal data protection law.

Regulator: There is no general data protection authority.

Summary: While the Republic of Marshall Islands does not have a personal data protection law, nor any legislation governing cybersecurity, the Criminal Code 2011 [31 MIRC Ch.1] includes a provision on violations of privacy (§250.12. of the Criminal Code 2011), which covers unlawful eavesdropping or surveillance and breach of privacy of messages and frames such conducts as misdemeanours.

Moreover, various pieces of legislation in the financial sector address the protection of personal information. In particular, the Banking Act 1987 [17MIRC Ch.1] refers broadly to 'information’, the Income Tax Act 1989 [48MIRC Ch.1] provides for the secrecy of all information concerning individual taxpayers, in relation to the Secretary of Finance and every employee of the Department of Finance; and the  Anti-Money Laundering Regulations, 2002 includes provisions governing customer information.

Furthermore, the Marshall Islands has participated in international discussions related to cybersecurity and is a member of the Pacific Cyber Security Operational Network which, among other things, aims to strengthen cybersecurity across the across the Pacific.