Data privacy laws in the US regulate the use, collection, and disclosure of data and individuals’ rights concerning the data once it is shared.
The United States doesn’t have one comprehensive law that covers the privacy of all types of data. Instead, individual laws cover specific types of data in particular circumstances, or apply only in certain states.
There are a few major data privacy acts in the US:
- Health Insurance Portability and Accountability Act (HIPAA) – It regulates the use and disclosure of personal health information (PHI) by healthcare providers and health insurers.
- Gramm-Leach-Bliley Act (GLBA) – This law applies to financial institutions and obliges them to implement tight security measures for data protection.
- Children’s Online Privacy Protection Act (COPPA) – It obliges web and app providers to obtain parental consent before collecting any personal data on children under 13 years old.
The law that revolutionized the approach to data privacy in the US was the California Consumer Privacy Act (CCPA), expanded with the California Privacy Rights Act (CPRA) and applicable to businesses in California. It gives consumers rights concerning their personal data and imposes certain obligations on businesses that collect or sell it.
Only a few other US states have their own data privacy laws, including:
- Utah Consumer Privacy Act (UCPA)
- Colorado Privacy Act (CPA)
- Virginia Consumer Data Protection Act (VCDPA)
- Connecticut Data Privacy Act (CDPA)
US companies operating in the EU are also obliged to adhere to GDPR.