Privacy laws in the United States

Data privacy laws in the US regulate the use, collection, and disclosure of data and individuals’ rights concerning the data once it is shared.

The United States doesn’t have one comprehensive law that covers the privacy of all types of data. Instead, there are laws covering only specific types of data in special circumstances or applicable to given states.

There are a few major data privacy acts in the US:

The law that revolutionized the approach to data privacy in the US was the California Consumer Privacy Act (CCPA), expanded with the California Privacy Rights Act (CPRA) and applicable to businesses in California. It gives consumers rights concerning their personal data and imposes certain obligations on businesses that collect or sell it.

Only a few other US states have their own data privacy laws, including:

US companies operating in the EU are also obliged to adhere to GDPR.

You may also like:

Data privacy laws in the United States and how they affect your business

11 new privacy laws around the world and how they’ll affect your analytics

Data privacy breach

EU-US data privacy framework


  • What is protected health information (PHI)? A guide for healthcare marketers

    Quick summary What PHI is: Any individually identifiable health information created, received, maintained, or transmitted by a covered entity or its business associates Who it applies to: Healthcare providers, health plans, healthcare clearinghouses, and their business associates Why it matters for marketing: Marketing tools that collect or transmit PHI without a BAA create HIPAA compliance…

  • We checked 59 hospital websites. 73% kept tracking visitors after opt-out.

    A new study by Piwik PRO and Verified Data scanned 59 major US hospital and clinic websites for tracking and data compliance. The findings show just how common it is for major US healthcare websites to run marketing tools that weren’t built for a regulated environment. What we actually found Across the 59 scanned sites,…