Explore consumer rights and business requirements across enacted US privacy laws and see how our Privacy and Data Governance Cloud can help.
Simplify US privacy law compliance
The current US privacy landscape is complex. Some states have fully enacted comprehensive data privacy laws while others vary in legislation maturity.
We’re here to simplify your compliance journey and support you in protecting personal data while building trust with your customers.
How OneTrust supports consumer rights and compliance
Right to access, correction, deletion and portability
Fulfilling consumer requests all starts with having an appropriate intake method for consumers to make requests to access, correct, delete, or transmit their data. Explore the chart below to see which enacted US privacy laws require these rights.
Note: Cells with an 'X' indicate the corresponding law requires that particular right.
Processing personal rights requests can be time consuming for the business. OneTrust Privacy Rights Automation expedites the entire DSAR fulfillment process by:
- Streamlining intake across your different touchpoints
- Simplifying identity verification and data discovery
- Automating the redaction and response process
Right to opt-out and limit use
Organizations that utilize the advertising ecosystem will have to pay particular attention to opt-out requests. Explore the chart below to see which enacted US privacy laws specify opt-out, right to use, and disclosure requirements.
| Right to opt-out | Right to limit use and disclosure | |||
|---|---|---|---|---|
| Sale | Profiling | Targeted advertising | Sensitive personal information | |
| California: CPRA | X | X | X | X |
| Colorado | X | X | X | Opt-in required |
| Connecticut | X | X | X | Opt-in required |
| Delaware | X | X | X | Opt-in required |
| Florida | X | X | X | Opt-in required |
| Indiana | X | X | X | Opt-in required |
| Iowa | X | X | X | |
| Montana | X | X | X | Opt-in required |
| Oregon | X | X | X | Opt-in required |
| Tennessee | X | X | X | |
| Texas | X | X | X | Opt-in required |
| Utah | X | X | ||
| Virginia | X | X | X | Opt-in required |
Note: Cells with an 'X' indicate the corresponding law requires that particular right.
Our Consent and Preferences solution operationalizes opt-outs by:
- Automatically identifying third-party trackers
- Delivering a consumer-first preference center where preferences can be changed at any time and applied across all touchpoints
- Enforcing opt-outs and processing limitations based on preferences and opt-out requirements
Right to notice and transparency
All enacted US privacy laws require notice and transparency be provided to those covered under the law. OneTrust Digital Policy Management helps by enabling you to centrally manage policies across digital assets.
- Schedule automatic website and mobile app scans to trigger policy updates
- Use pre-built templates and sync the latest updates across your web and app properties
Risk assessments
All enacted US privacy laws (aside from Iowa and Utah) require formal risk assessments of privacy and/or security projects or procedures. OneTrust PIA & DPIA Automation integrates with your existing business processes, giving you real-time comprehensive risk discovery and actionable insights for risk mitigation. In addition to streamlining the assessment process, our Privacy Management solution also equips you with the tools to improve your privacy program. Privacy awareness training, third-party risk management, and privacy and security incident management are available to unify and optimize your data privacy program activities.
You might also like
Webinar
Privacy Management
The road to privacy compliance: A spotlight on Oregon & Delaware legislation
We explore the new Oregon and Delaware privacy laws, how they differ from other US privacy laws, and what they mean for your business.
September 14, 2023
Regulation Book
Privacy Management
Utah Consumer Privacy Act law book
Download the Utah Consumer Privacy Act law book and have the official UCPA text at your fingertips for when the law takes effect on December 31, 2023.
September 04, 2023
Blog
Privacy Management
The road to 50 states: Delaware and Oregon join the US privacy landscape
Get in-depth analysis on two upcoming US Privacy laws, the Oregon Consumer Privacy Act (OCPA) and the Delaware Personal Data Privacy Act (DPDPA), with OneTrust DataGuidence and a panel of experts.
August 10, 2023
FAQs
We’re here to help demystify US data privacy regulations. Explore answers to frequently asked questions below.
More than 10 states have enacted comprehensive privacy laws. Many others have introduced bills for committee evaluation. In addition to comprehensive state-level laws, the US also has privacy laws that govern specific types of data. For example, HIPAA is a federal law that protects sensitive patient health information and COPPA protects children’s online privacy.
Explore the DataGuidance US privacy tracker to learn more about emerging and new laws.
The EU’s General Data Protection Regulation (GDPR) focuses on a person’s right to privacy whereas much of the US legislation focuses on the data security safeguards of consumers and employees. Regardless of whether your business is located in the EU or US, or other countries with data privacy laws, if data is processed across borders, relevant privacy and data protection laws apply.
Our Privacy and Data Governance Cloud can simplify how you comply with the various requirements of privacy regulations.
Ready to get started?
Request a free demo today to see how OneTrust can guide your US privacy compliance journey.
