State Regulations

In the United States of America, each state has its own laws and regulations that must be complied with, each differing in stringency.


Currently, almost all states have legislation pertaining to data privacy. Please check the state legislature that is relevant to your business.


Examples of individual state privacy laws include:

  • New York Privacy Act

  • Massachusetts Data Privacy Law

  • California Consumer Privacy Act (CCPA)

  • Hawaii Consumer Privacy Protection Act

  • Maryland Online Consumer Protection Act


Data protection is a crucial preventative measure to prevent non-compliance with a State Privacy law.


Learn more about privacy laws here.


CCPA

One of the most stringent of the U.S. privacy laws is the California Consumer Privacy Act (CCPA) which came into effect on 1 January 2020.


The CCPA focuses on enforcing consumer privacy rights, and residents of California are guaranteed the following:

  • The right to request information about how their data is used and shared

  • The right to be forgotten

  • The right to control who has access to their information

  • The right to opt out

  • The right to refuse the sale of their information


In order to comply with the CCPA, companies based in California are advised to apply a tried and tested data protection method, such as data masking, to protect sensitive data from both internal and external threats. Data masking is a GDPR-approved method of safeguarding data.


Learn more about the GDPR here.


CDPA

In March 2021, Virginia signed the Virginia Consumer Data Protection Act (CDPA) into law, making it the second U.S. state after California to enact a comprehensive state privacy law. Once the CDPA is in effect, Virginia residents will have the right to access, rectify, delete, ask for, and opt-out of the sale and processing of their personal information. As with the GDPR, the CDPA requires businesses to take adequate measures to ensure their sensitive data is protected, including implementing data protection methods such as data masking.


The CDPA comes into effect on 1 January 2023.

Coming soon - The SAFE Data Act

If passed, the SAFE DATA Act will encompass the U.S. Consumer Data Protection Act, the Filter Bubble Transparency Act, and the Deceptive Experiences To Online Users Reduction Act. This new all-one-one privacy law contains several additions relating to sensitive data and regulates the use of "deceptive measures" to obtain customer data.


The law will be enforced by the Federal Trade Commission and take precedence over state privacy laws such as the CCPA. It is expected to pass through the 117th Congress in January 2021.


The SAFE DATA Act grants the following privacy rights:

  • The right to transparency

  • The right to access

  • The right to deletion

  • The right to correction

  • Portability


Key provisions of the SAFE DATA Act include:

  • Entities are required to obtain express consent before processing or transferring an individual's sensitive data.

  • Customers have the right to opt-out of the collection, processing, or transfer of personal data.

  • Customers have the right to access, correct, delete, or transfer their sensitive data and cannot be discriminated against for doing so.

  • Entities must publish transparent privacy policies prior to collecting sensitive data that discloses the type of data being collected, the purpose for collection, if and to who data is to be transferred, data retention policies, and an outline of customer rights.

  • Entities must minimize data collection, processing, and retention to what is reasonably necessary.

  • Maintain data security policies and practices to protect sensitive data.

  • Entities must appoint a data privacy and security officer.

  • Entities may not use deceptive or confusing methods to obtain consent for collecting customer data.

How Hush-Hush can help with State law compliance

With state privacy regulations changing and updating regularly, we can help you maintain a base level of compliance using trusted data protection tools to safeguard your data. No matter how many times the law changes, you'll always stay ahead knowing your data is well secured.

BuildNumber = dev_20210906.1