The Landscape of the United States Information Security Privacy Acts: State Efforts to Protect Citizens

In the digital age, the protection of personal information has become a paramount concern. As data breaches and misuse of personal data become increasingly common, states across the United States have taken action to protect their citizens by implementing information security privacy acts. These acts aim to safeguard personal data, regulate its use, and provide recourse in the event of misuse. This article provides an overview of the privacy acts enacted by various states in the U.S.

California: California Consumer Privacy Act (CCPA)

The CCPA effective January 2020, grants California residents new rights regarding their personal information. It allows consumers to know what personal information is being collected about them, whether their personal information is sold or disclosed, and to whom. It also gives consumers the right to say no to the sale of personal information and access their personal information. Read More

Colorado: Colorado Privacy Act (CPA)

The CPA, signed into law in July 2021, provides Colorado residents with the right to access, correct, delete, or obtain a copy of their personal data. It also allows consumers to opt out of targeted advertising, the sale of their personal data, or automated profiling. Read More

Connecticut: Protection of Social Security Numbers and Personal Information

Connecticut law requires businesses to safeguard state residents' social security numbers and other personal information. It also mandates that businesses provide notice to consumers in the event of a data breach. Read More

Indiana: Protection of Social Security Numbers and Personal Information

Indiana's privacy laws protect residents by restricting using and disclosing social security numbers and other personal information. The law also requires businesses to implement reasonable procedures to protect the confidentiality of personal information. Read More

Iowa: Personal Information Security Breach Protection

Iowa's law requires organizations to implement reasonable security procedures and practices to protect personal information. Organizations must notify affected Iowa residents in the event of a data breach. Read More

Montana: Consumer Protection Act

Montana's Consumer Protection Act prohibits deceptive and unfair trade practices, including the misuse of personal information. The Act also provides remedies for consumers who have been victims of such practices. Read More

Illinois: Personal Information Protection Act (PIPA)

PIPA requires entities that handle personal information to notify Illinois residents if their personal information is breached. It also mandates that entities that own or license personal information implement reasonable security measures. Read More

Utah: Protection of Personal Information Act

Utah's Act requires organizations to implement and maintain reasonable security procedures to protect personal information. It also mandates notification to Utah residents in the event of a data breach. Read More

Tennessee: Tennessee Identity Theft Deterrence Act

Tennessee's Act prohibits the theft of personal information and provides for civil penalties for violations. It also allows consumers to place a security freeze on their credit report. Read More

Texas Privacy Protection Act (HB 3741)

The Texas Privacy Protection Act (HB 3741) was introduced in March 2021. This bill is similar to the California Consumer Privacy Act (CCPA) and the Virginia Consumer Data Protection Act (VCDPA), but it has its own unique elements. The bill provides Texas residents with the right to know what personal data businesses collect about them, the right to delete that data, and the right to opt-out of the sale of their personal data. The bill applies to businesses that collect personal data from more than 100,000 individuals, or businesses that earn more than 50% of their annual revenue from selling personal data and collect personal data from more than 25,000 individuals.

Sources:

• National Law Review
• JD Supra