American consumers are worried about their privacy and data security while buying a product or service. According to a study by Consumer Reports, 96% of American adults agree that brands should do more to ensure consumer data privacy.
With increasing data breaches—and consumers becoming more aware and voicing their disquiet—data privacy laws in the U.S. is a rising concern. Data laws and legislatures are ever-increasing in 2021.
As of March, state lawmakers introduced bills in 23 states. This step will benefit both businesses and consumers alike by providing consumers with a clear understanding of their rights and help brands to know the specific obligations to attain compliance.
If you’re doing business in the U.S., you want to make sure your organization adheres to current data privacy laws. But, staying on top of all of this legislation isn’t exactly straightforward. There is no single data protection legislation in the United States. Instead, there is a patchwork of sector-specific laws that govern data privacy.
Here is some of the most important federal and state data privacy legislation you need to be aware of in California, Illinois, Florida, New York, Texas, and Virginia.
Current Data Privacy Laws in the United States
The most inclusive piece of state-level legislation concerned with data privacy enacted over the past two years is the California Consumer Privacy Act (CCPA). The internet-focused legislation was enacted to ensure consumer privacy protection on the web and does not have any equivalent on the federal level. CCPA gives California residents the following rights:
- The right to know which personal information has been collected, shared, sold, or used in categorical terms and specific pieces of personal data.
- The right to delete any kind of personal information held by businesses and service providers.
- The right to reject the sale of personal information. Children under 16 need to give consent, while those under 13 need their parent’s or guardian’s consent.
- The right to get the same service or product without any discrimination, whether they exercise these rights or not.
This law applies to businesses with more than $25 million of annual income and companies dealing with personal information from more than 50,000 households, consumers, or devices. Those who get 50% of their annual revenue by selling consumer’s personal information must also comply with CCPA. Additional obligations apply to businesses that handle the personal information of more than $4 million customers.
CPRA (The California Privacy Rights Act) is CCPA 2.0—we answered common questions about CPRA in this blog if you want more detailed information.
HB 3910 was introduced in February this year for the Consumer Privacy Act. The Act mandates companies to notify and inform consumers about how their personal information gets used. Under this act, a customer has the right to delete any personal information collected by the business, under some exceptions.
House bill 969 is the latest data privacy provision by the Florida legislature. This new provision requires businesses to remain transparent about how they collect and sell personal data. It also gives consumers the right to opt-out of this practice and either delete or correct their information. The law also contains non-discriminatory measures.
The New York privacy act S5642 is still on hold. This act has similar attributes to the EU’s GDPR but adds a private right of action. It requires companies to reveal the category of information shared to third parties and their methods of de-identifying personal information. The act also enables customers to get information on who their data is being shared with.
In the second week of March, Texas state representative Giovanni Capriglione filed six bills regarding an increment of consumer data protection from the private sector.
In the previous session, the legislature passed HB 4390 (86R), which states that businesses that experience a data breach of 250+ Texans’ personal information need to report to the Attorney General. Since implementation, it has been reported that 31 million Texans have been the victims of a data breach in 2020 alone.
On March 2nd, Virginia became the second state to enact state consumer data privacy legislation. Virginia’s consumer data protection act SB 1392 requires companies to notify the customer and undertake data protection assessments for their data collection processes and ask for consent. The legislation also includes data protection and minimization obligations.
Download Our Data Privacy Guide
Use a Data Privacy Platform to Stay Compliant
Data privacy has become a crucial aspect of running a business as a single organization may hold data from millions of customers. It is absolutely necessary to keep this information safe to save the customer’s identity and the organization’s reputation.
To stay compliant with data protection laws—and keep the most updated customer privacy and communication preferences organized and accessible—brands are gravitating towards data privacy platforms.
SkyPoint Cloud is a customer data platform (CDP) and data privacy platform all rolled up into one solution. SkyPoint creates a unified view of customer’s behavior, transactions, and products while helping you comply with the latest data privacy laws.
Data privacy platforms conduct lawful data management by storing data indefinitely and sharing the required data with the system when needed. An effective solution will timestamp your customer’s data life-cycle at every stage and store all opt-ins and opt-outs, putting you in complete control of your customer data.
There’s no need to face all of these changing data privacy laws without technology supporting your cause. A powerful tool like Skypoint Cloud ensures compliance and lays out additional benefits. With automation and greater supervision capabilities, the platform enables you to follow compliance best practices and build personalized engagement programs that prioritize consumer trust and foster business growth.
If you need help aligning your business processes with the latest legislation, request a demo of our data privacy platform to see how SkyPoint keeps your teams compliant and customer-focused.