Story updated with information on California’s Delete Request and Opt-Out Platform. Data privacy has become a major policy concern with strong, bipartisan backing across the country. Red states such as Texas and Tennessee, along with Blue states like California and Colorado, are among the 17 states that have enacted laws governing how companies manage consumers’ personal information. Yet, Congress still hasn’t passed a comprehensive federal privacy law. For marketers, that means dealing with at least 17 different regulatory frameworks. While these state laws share core elements — such as giving consumers the right to access, delete and opt out of the sale of their personal information (PI) — they also differ in important ways, including scope, terminology and compliance obligations. As more states pass their own rules, it’s likely that one or more will adopt requirements that diverge sharply from existing models. That will be a serious challenge for MOps teams.
Dig deeper: MarTech’s Guide to GDPR — The General Data Protection Regulation
Below is a list of state data privacy laws, with short summaries of who is covered and what each law requires. We are not attorneys, so you should review the actual statutes and, if needed, consult legal counsel to ensure you are compliant when doing business in those states.
Table of contents
States with data privacy laws
California Consumer Privacy Act
California’s Delete Request and Opt-Out Platform
Virginia Consumer Data Protection Act
Colorado Privacy Act
Connecticut Data Privacy Act
Utah Consumer Privacy Act
Oregon Consumer Privacy Act
Montana Consumer Data Privacy Act
Iowa Data Privacy Act
Texas Data Privacy and Security Act
Delaware Personal Data Privacy Act
New Hampshire Consumer Data Privacy Act
New Jersey Consumer Data Privacy Act
Minnesota Data Privacy…