A new study has analyzed all 50 U.S. states, finding Kentucky offers the best data privacy, while South Dakota came in dead last.

DesignRush.com has released its Data Privacy Day 2025 study, evaluating states based on three criteria:

• Cybercrime rate
• Data breach rate
• State’s data protection laws

According to DesignRush, Kentucky took top honors, with a score of 99.32, for offering the best data privacy protections:

Kentucky ranks as the safest state for data privacy in 2025 due to its exceptionally low cybercrime rate of 102.5 incidents per capita 100.000 and minimal breaches at 0.09 per capita 100.000. Its strong legal protections, with a score of 6, reflect its commitment to safeguarding residents’ data.

In contrast, South Dakota came in last, with a score of 65.14:

South Dakota is the least safe state for data privacy, with a high cybercrime rate of 183.6 incidents per capita 100.000 and the second-highest data breach rate of 0.98 per capita 100.000. Its lack of comprehensive privacy laws (scored 1) also highlights its struggles in protecting its residents’ data.

Rounding Out the Top Three

Rhode Island came in second place with a score of 97.14:

Rhode Island secures second place with a balance of moderate cybercrime (130 incidents per million) and an extremely low breach rate of 0.09 per capita 100.000. Its strong legal framework also reinforces its high safety score.

Tennessee rounded out the top three, coming in with a score of 96.43:

Tennessee ranks third, with moderate cybercrime (119 incidents per capita 100.000) and relatively low breaches at 0.20 per capita 100.000. Its comprehensive data privacy laws contribute to its impressive safety score.

As DesignRush points out, businesses in the top states benefit from the trust these states’ legislation provides. Because their data is relatively secure, customers trust sharing it with companies. What’s more, clear legislation provides a clear framework for companies to operate within.

Rounding Out the Bottom Three

Alaska came in as the second-worst state, with a score of 66.50:

Alaska’s extremely high cybercrime rate of 318.8 incidents per capita 100.000, paired with minimal legal protections (law score of 1), places it among the most vulnerable states. Despite a low data breach rate of only 0.14 per capita 100.000, the lack of safeguards leaves residents exposed.

Massachusetts rounded out the bottom three with a score of 68.16:

Massachusetts experiences a moderate cybercrime rate of 141.6 per capita 100.000 but is burdened by the highest data breach rate of 1.21 per capita 100.000. Limited legal protections (law score of 2) also contribute to its poor performance when it comes to data privacy.

Operating in one of the worst states comes with a variety of challenges, from a lack of consumer trust to the risks associated with compliance issues, higher cybercrime rates, breaches, and fines.

Conclusion

DesignRush’s study underscores the importance of strong data privacy legislation, something the U.S. notoriously lacks. As a result, the issue is left up to individual states, with the varying outcomes the study demonstrates.

In the meantime, consumers suffer, and companies are stuck navigating a quagmire of different regulations and requirements, depending on the state they operate in.