June, 2024
Privacy laws in the U.S. vary by state — some states have signed laws that provide privacy protections, while others have no rules, which is the information covered on this page.
To learn about the GDPR and/or big tech read more here.
To learn about Google tools and policies on privacy protection read more here.
California
In 2020, voters in California passed the California Privacy Rights Act (CPRA), an amendment to the CCPA. The CPRA provides additional protection for Californians, such as the right to know what personal data entities are collecting about them and the right to know if businesses are selling their data and to whom.
Colorado
The Colorado Privacy Act is a new law that will take effect on July 1, 2023. This law will require businesses to disclose their data collection and sharing practices to consumers and gives Colorado residents the right to opt out of the sale of their personal data. The law also imposes strict penalties for companies and authorizes the state attorney general to bring enforcement actions.
Connecticut
The Connecticut Personal Data Privacy and Online Monitoring Act covers any business that collects personal information from Connecticut residents. The law provides privacy protection regulations for data controllers and processors and requires them to take reasonable security measures to protect personal data.
Delaware
Delaware remains within the top five this year. Laws that require the government to dispose of customer data after a set period of time, protect genetic data, protect the privacy of e-reader and library data, and protect minors help the state stand out.
There were no updates for Delaware this year. However, it is one of the states that require consent from both parties before call recording can be carried out.
Illinois
Illinois paved the way for legislation that specifically protects biometric data like fingerprints, face recognition scans, and retina scans, being the first state to enact this way back in 2008. It is only in recent years that several other states (California, Texas, and Washington) have followed suit. It is also one of 18 states to have a comprehensive genetic data protection law.
Both companies and the government must dispose of personal data after a set period of time. Employers and schools cannot force employees and students to hand over social media account login information. The state also enforces strict regulations regarding the use of artificial intelligence for video interviews and requires consent from both parties when recording calls.
Florida
The FDBR imposes obligations on "controllers" (for profit legal entities that conduct business within the state of Florida, collects personal data from consumers, and determines the purposes or means of the processing of personal data) who have an annual global revenue of more than $1 billion and meet one of the following criteria:
1.) Derive 50 percent of its global gross annual revenue from the sale of advertisements online;
2.)Operate a consumer smart speaker and voice command service with an integrated virtual assistant connected to a cloud computing service that uses hands-free verbal activation;
or
3.)Operate an app store or digital distribution platform with at least 250,000 different software applications for consumers to download and install.
Compared to other state privacy laws, the applicability of the FDBR is significantly limited in scope due to its high jurisdictional thresholds. The law is clearly intended to regulate "Big Tech" companies. As such, the provisions in the FDBR will not be relevant to most businesses.
Louisiana
The Louisiana Consumer Privacy Act (SB 199) is a proposed bill introduced in the Louisiana State Senate during the 2023 legislative session.
Maryland
The Maryland Online Consumer Protection Act protects consumers from cybersecurity threats, including data breaches, theft, phishing, and spyware. While this law is similar to other state privacy laws, it’s more comprehensive in certain respects.
For instance, Maryland law requires businesses to take reasonable steps to protect consumers' personal information from unauthorized access, use, or disclosure. The law also requires entities to provide consumers with a way to opt out of having their personal information collected, used, or sold.
This act applies to all businesses that collect, use, or disclose personal data about Maryland residents, including out-of-state companies that sell goods or services to Maryland locals.
Massachusetts
The Massachusetts Data Privacy Law is a set of regulations governing businesses' handling of personal information. The law applies to any organization that holds, uses, or discloses personal data about Massachusetts residents.
Some of the law’s provisions state that companies must obtain consumer consent before collecting or using their data. In addition, entities must take necessary steps to secure consumer data. The state law also establishes that companies must disclose how they use consumer data and allow customers to opt out of specific uses. Finally, organizations must ensure that the data they collect is accurate and up-to-date.
Nevada
Senate Bill 220, prohibits the operator of a website or online service from selling certain collected consumer information in Nevada if directed by the consumer. Separating itself from the California Consumer Privacy Act, SB 220 is one step of a multi-step approach to Nevada’s privacy legislation.
The law was developed to work with Nevada’s existing privacy and security laws, following concerns over the transparency of third-party data sales in the state. The law provides consumers who reside in Nevada with the ability to opt out of data sales. Unlike the CCPA, SB 220 is not comprehensive, does not provide proportional service for data collected, and does not contain an explicit anti-discrimination clause for individuals who choose to opt out.
New Hampshire
SB 255 is a comprehensive consumer privacy protections ensuring that consumers can view what personal data is collected by companies, how it is held, and to have that information deleted upon request.
Under the new law, New Hampshire becomes the 14th state to enact comprehensive consumer privacy protections ensuring that Granite State consumers can view what personal data is collected by companies, how it is held, and to have that information deleted upon request.
New York
The New York Privacy Act is one of the most comprehensive pieces of privacy and security legislation in the U.S. This law sets strict rules about how businesses must handle consumers’ personal information and gives individuals new rights concerning data. The act significantly impacts companies operating in New York state and helps ensure all residents control their personal information. Some key provisions of the privacy law include:
Entities must disclose what categories of consumer data they collect, use, or sell, and the purposes for which they’ll use the data. Robust enforcement mechanisms provide a private right of action and implement civil penalties per violation.
North Dakota
North Dakota has taken steps to address digital privacy concerns, with a proposed opt-in privacy law and ongoing discussions about data protection.
Oregon
the Oregon Consumer Privacy Act (the Act), or SB 619, will take effect on July 1, 2024, except for some provisions that will not take effect until January 1, 2026. The Act applies to any person that conducts business in Oregon, or that provides products or services to residents of Oregon, and, during a calendar year, controls or processes either:
1.) The personal data of 100,000 or more consumers, other than personal data controlled or processed solely for the purpose of completing a payment transaction; or 2.) The personal data of 25,000 or more consumers, while deriving 25 percent or more of the person’s annual gross revenue from selling personal data.
Importantly, the definition of “consumers” is limited to a natural person residing in Oregon and excludes both employee and business-to-business (B2B) data. “Sale” is defined broadly, similar to the California Consumer Protection Act, as the “exchange of personal data for monetary or other valuable consideration” with a third party except for data disclosed to processors.
South Dakota
The digital privacy landscape is characterized by a mix of common law and public sector-focused privacy laws, with limited private sector regulations.
Utah
The recent enactment of the Consumer Privacy Act sees it rising through the rankings this year to take second place (alongside Virginia). This act, which comes into power on December 31, 2023, ensures consumers are aware of the data companies are collecting on them, can opt out of third-party data sharing, and can request that their data is deleted. The act also protects geolocation data, making Utah one of just five states to have this specific provision within its data protection laws.
Other key areas for Utah include data disposal laws for governments and companies, social media privacy laws for employers and educational institutions, and laws to govern the use of artificial intelligence and genetic data.
Virginia
The Virginia Consumer Data Protection Act is a new law that’ll take effect on January 1, 2023. It will require businesses to take reasonable steps to protect consumer data privacy, confidentiality, and integrity.
This new law applies to any business that collects, uses, or discloses the personal information of 100,000 or more Virginia consumers or derives 50 percent or more of its revenue from the sale of consumer data.
The law also gives Virginia residents the right to access their personal data and request correction if it’s inaccurate.
Wyoming
The Wyoming Digital Privacy Act is a set of laws and regulations that aim to protect the privacy of individuals in the state of Wyoming in the digital age. The act covers various aspects of digital privacy, including data breach notification, personal identifying information, and online data collection. This legislation defines personal identifying information as any combination of an individual’s first and last name, plus one or more of the following:
Date Updated: June 2024
Sources: https://www.varonis.com/blog/us-privacy-laws#new, https://www.whitecase.com/, https://iapp.org/ and other sites.
Be sure to check your local resources for more information as this laws relating to privacy are changing without notice.
Lawmakers in Massachusetts and Illinois are already proposing privacy measures modeled on the federal bill, and Democrats in Indiana are using it as inspiration to strengthen legislation that's already been proposed. Four other states have already passed their own data privacy laws in the past two years -- raising anxiety levels among tech companies about a national "patchwork" of hard-to-navigate data rules -- but encouraging advocates who see an appetite for broader consumer protections.
"We were wondering if there would be something passed federally. It would guide what we would be doing for the state," Democratic Indiana state Sen. Shelli Yoder said in an interview. "Because that failed, it put us in a position of needing to do something." The new statehouse focus by privacy advocates isn't necessarily designed to sweep across all 50 states but rather tighten regulations just enough in just enough places to force the industry into a de facto national standard.
they're hoping to enact state-level privacy proposals that align closely with what Congress attempted to pass with the American Data and Privacy Protection Act: regulations that would limit what data companies can collect and share, create a data broker registry, and establish new rights for Americans to delete data about themselves. But they're playing catch-up to an industry-led campaign that's made significant headway in several states, including Virginia and Utah, where weaker laws were enacted over the past two years.
Date Published: 23 Feb., 2023
Source: https://slashdot.org/
© 2010 - 2024 All RIghts Reserved By Dragon Grog LLC :: Gulf Coast Website Services and Plan Of Development