In the last ten years or so, there has been increasing concern about how companies collect users' data, what the companies do with the information, and whether they can protect it adequately. Although there is no federal regulation for online data collection, many US states are starting to take notes from the European GDPR laws and enact legislation that ensures digital companies take steps to protect user information. The new rules aim to make them more transparent about how they use the information.
These state-level laws are in various combinations of two key categories:
Consumer rights: This category concerns the right of a consumer to know what data a digital company collects, opt-out of any marketing or data collection materials, and request a company to delete their personally identifying data. Consumer rights laws also create provisions for users to pursue civil litigation when needed.
Business obligations: This type of legislation provides security guidelines for how a business collects and stores consumer data to prevent third-party breaches. States design the laws to enforce transparency and notice requirements (for instance, full disclosure if will be — or has been — sold to third parties), places limits on the type of data that companies can store, how long they can keep the information. Companies also need to follow specific procedures to notify users of any data breaches.
Despite clear bipartisan support for data privacy legislation, disagreements about implementation have stopped Congress from enacting a federal law. As a result, several states have created their regulations with different degrees of stringency. Some of the most prominent pieces of legislation are:
In 2019, Nevada's senate adopted a Privacy of Information Collected on the Internet from Consumers Act (PICIC), giving consumers in the state the right to opt-out of the collection of their personally identifying data. With the SB260 bill set to pass, the state seeks to broaden consumer privacy rights covered by the PICIC.
In 2020, the state of Vermont passed new laws that require all data brokers to alert consumers as soon as they find out that their personal information is leaked or has been breached.
After a one-month delay, Maine's data privacy law came into effect in August 2020. However, what makes the privacy law unique from other state regulations is that it targets Internet Service Providers specifically. Maine's law prevents ISPs from selling or sharing their customer data without their explicit consent.
In January 2021, New York's legislature introduced several data privacy bills. Among them is the New York Privacy Act, which replicates many of the EU's GDPR and gives consumers the right to private action. As a result, individuals in New York can bring lawsuits if they feel an entity violated their privacy rights instead of relying on the action by a governing body.
The Virginia House and Senate recently passed the Consumer Data Protection Act. The law applies to any entity that operates in the state and processes the personal data of 100,000 or more consumers or earns more than 50 percent of its gross revenue from processing, sale, or control of at least 25,000 consumers' data. The law gives consumers the right to "access, correct, delete, or obtain a copy of personal data, and opt-out of the processing of personal data for targeted advertising" and comes into full effect in January 2023.
With all the media hype surrounding iOS14, GDPR, and CCPA, you could easily miss the fact that there are more than 20 pieces of state legislation in various levels of enactment in the US. If your business depends on collecting user information for B2B and B2C marketing, you need to ensure that you keep data compliance and privacy in mind.
Onemata Corporation provides companies of all sizes with accurate, detailed, and actionable movement, business, and consumer data that helps you amplify your ad campaigns and offers valuable insights into your prospective market.
We offer data compliance services to help you navigate this complicated ever evolving world.
If you need third-party data for your business, get in touch today to get ahead of the compliance requirements to ensure you're not at risk of losing deals because of non-compliance.
by Mike Higgins
All you need is an email - even crabs have those. Ask, Kaunga! Schedule a demo and see how Onemata can help your company grow.