Are there laws protecting your data?
Concern around personal privacy is nothing new, so you may be wondering if there are any federal laws that protect your personal data. The US Privacy Act of 1974 was passed into law as a way to provide protection for citizens across the nation. Back then, the law was geared towards the federal government and controlling how agencies gathered, used, and shared sensitive data about consumers.
As more companies operate in the digital space, individual states are putting together their own legislation.
Where are there data privacy laws?
In the US, currently five states have put together and passed intensely detailed data protection laws. Since 2018, those states are California, Colorado, Connecticut, Utah, and Virginia. Each state varies somewhat in what is covered by the laws. However, they all have certain aspects in common, such as the consumer's right to access personal data and have it deleted from certain companies that hold onto it.
US data protection laws
There are several US data protection laws that have been put into place to protect the personal data of U.S. citizens. Some of these US data protection laws include:
California data privacy laws
If you've ever wondered how much and what information a company has on you as a consumer, California wants you to find out. As of July 2018, California was the first state to take a step toward general data protection regulation. The California Consumer Privacy Act (CCPA) was officially signed into law to enable this.
CCPA puts people in charge of their personal data. It forces businesses to be clear about what they are doing with the personal data they get and how they express it to the consumer. Businesses must have the consumers' privacy rights in an easily accessible place. There should be no confusion about how to opt out.
Essentially, CCPA empowers Californians to know who has their personal data, to ask those entities to delete private information, to remove themselves from advertising, and to not be discriminated against. Beyond what information residents put into a site, this data protection law also covers things like GPS locations and messages, or posts made using the record function.
In California and getting messages or emails from a business that you don't recognize? CCPA enables consumers to find out who gave or sold their information.
Colorado data privacy laws
The Colorado Privacy Act (CPA) was passed in the state senate on July 7, 2021. Colorado was the third state to sign a data privacy legislation into law. Once it goes into effect as of July 2024, residents will be able to opt out of digital advertising campaigns, the selling of personal information, and being profiled.
CPA applies to any entity that does any type of business within the Colorado borders. This extends to companies that deliver products to customers through eCommerce websites. Also included are services where the personal data of at least 100,000 customers is used annually or the data of 25,000 consumers is used to share discounts.
For the purposes of the CPA, customers are residents who act for themselves or their households.
If there is a breach in the privacy regulations that have an impact on at least 500 residents, the companies must inform anyone who has been affected. They are also required to give notice to the Office of the Attorney General. In an effort to streamline the process, a form can be filled out online to accomplish the task.
Virginia data privacy laws
In March 2021, the Virginia Consumer Data Protection Act (VCDPA) was passed. They were the second state to put detailed data privacy legislation into law. VCDPA gives residents the ability to access their online data. This comes with the right for Virginians to tell a company to permanently remove any individual info they may be storing.
Entities affected are ones that not only have consumer dealings in the state, but also hit one of two thresholds. The first is that the business deals with the personal data of 100,000 customers, at a minimum. The second is if the company gets more than half its revenue from selling the data of 25,000 or more customers.
Businesses with a customer base in Virginia must legally run data protection assessments when it comes to targeted campaigns. This extra step before advertising will keep companies compliant.
Other state privacy laws
Connecticut and Utah are the two other states that currently have data protection laws in place. Utah’s Consumer Privacy Act allows consumers to know what personal data of theirs is being collected and what the business is doing with it. This law also gives consumers the option to delete any personal data that they don’t want businesses to access, as well as opt-out of data collection. Connecticut has an act that allows consumers to opt-out of data collection and request information about what is being done with their data.
European data privacy laws
The European Union has put together some of the strictest data privacy laws in the world to protect EU citizens and their personal data. That can make it tough for businesses to get used to, but not impossible. The General Data Protection Regulation (GDPR) spells out a plethora of privacy regulations that apply to companies all over the globe. Basically, any company that is gathering data and targeting these citizens has to follow guidelines found in hundreds of pages detailing the security law. For example, GDPR forbids companies from sharing info about Europeans with non-EU countries