In response to mounting pressure from citizens, state and federal entities are creating new laws to protect data security and privacy. Hundreds of bills that also include notifications of data breaches are in progress across the US.

One of the biggest in its scope is the California Consumer Privacy Act (CCPA). The CCPA was signed into law in June of 2018, but only took effect on January 1st, 2020.  The legislation is largely modeled after the European Union’s General Privacy Data Protection Regulation (GDPR). These laws are meant to improve consumers’ control and right to know about how businesses collect and use their personal data. Specifically, the legislation’s provisions “grant a consumer a right to request a business to disclose the categories and specific pieces of personal information that it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling the information, and the categories of 3rd parties with which the information is shared.”

Another piece of legislation that took effect in October of 2019 is the Nevada Senate Bill 220 Online Privacy Law. While CCPA is grabbing more attention, Bill 220 is the first in the US to give consumers the right to decline the sale of their personal data. Bill 220 amended pre-existing privacy law to include that businesses must offer consumers the option to opt-out of the sale of their personal data. Violations of Bill 220 can result in fines of up to $5,000 per violation, and the attorney general’s office has the power to take legal action for violations so long as they give violators a 30-day window in which to address the issues.

Lastly, the Maine Act to Protect the Privacy of Online Consumer Information was signed into law in June of 2019 and will take effect on July 1st, 2020. The new legislation prohibits broadband internet access providers from “using, disclosing, selling or permitting access to customer personal information unless the customer expressly consents to that use, disclosure, sale or access.”

To learn more about 11 new state privacy and security laws across the US, see this article from CSO Online.