Explore consumer rights and business requirements across enacted US privacy laws and see how our Privacy and Data Governance Cloud can help.
The current US privacy landscape is complex. Some states have fully enacted comprehensive data privacy laws while others vary in legislation maturity.
We’re here to simplify your compliance journey and support you in protecting personal data while building trust with your customers.
Explore consumer rights and business requirements across enacted US privacy laws and see how our Privacy and Data Governance Cloud can help.
Fulfilling consumer requests all starts with having an appropriate intake method for consumers to make requests to access, correct, delete, or transmit their data. Explore the chart below to see which enacted US privacy laws require these rights.
Note: Cells with an 'X' indicate the corresponding law requires that particular right.
Processing personal rights requests can be time consuming for the business. OneTrust Privacy Rights Automation expedites the entire DSAR fulfillment process by:
Organizations that utilize the advertising ecosystem will have to pay particular attention to opt-out requests. Explore the chart below to see which enacted US privacy laws specify opt-out, right to use, and disclosure requirements.
Right to opt-out | Right to limit use and disclosure | |||
---|---|---|---|---|
Sale | Profiling | Targeted advertising | Sensitive personal information | |
California: CPRA | X | X | X | X |
Colorado | X | X | X | Opt-in required |
Connecticut | X | X | X | Opt-in required |
Delaware | X | X | X | Opt-in required |
Florida | X | X | X | Opt-in required |
Indiana | X | X | X | Opt-in required |
Iowa | X | X | X | |
Montana | X | X | X | Opt-in required |
Oregon | X | X | X | Opt-in required |
Tennessee | X | X | X | |
Texas | X | X | X | Opt-in required |
Utah | X | X | ||
Virginia | X | X | X | Opt-in required |
Note: Cells with an 'X' indicate the corresponding law requires that particular right.
Our Consent and Preferences solution operationalizes opt-outs by:
All enacted US privacy laws require notice and transparency be provided to those covered under the law. OneTrust Digital Policy Management helps by enabling you to centrally manage policies across digital assets.
All enacted US privacy laws (aside from Iowa and Utah) require formal risk assessments of privacy and/or security projects or procedures. OneTrust PIA & DPIA Automation integrates with your existing business processes, giving you real-time comprehensive risk discovery and actionable insights for risk mitigation. In addition to streamlining the assessment process, our Privacy Management solution also equips you with the tools to improve your privacy program. Privacy awareness training, third-party risk management, and privacy and security incident management are available to unify and optimize your data privacy program activities.
Webinar
We explore the new Oregon and Delaware privacy laws, how they differ from other US privacy laws, and what they mean for your business.
Regulation Book
Download the Utah Consumer Privacy Act law book and have the official UCPA text at your fingertips for when the law takes effect on December 31, 2023.
Blog
Get in-depth analysis on two upcoming US Privacy laws, the Oregon Consumer Privacy Act (OCPA) and the Delaware Personal Data Privacy Act (DPDPA), with OneTrust DataGuidence and a panel of experts.
We’re here to help demystify US data privacy regulations. Explore answers to frequently asked questions below.
More than 10 states have enacted comprehensive privacy laws. Many others have introduced bills for committee evaluation. In addition to comprehensive state-level laws, the US also has privacy laws that govern specific types of data. For example, HIPAA is a federal law that protects sensitive patient health information and COPPA protects children’s online privacy.
Explore the DataGuidance US privacy tracker to learn more about emerging and new laws.
The EU’s General Data Protection Regulation (GDPR) focuses on a person’s right to privacy whereas much of the US legislation focuses on the data security safeguards of consumers and employees. Regardless of whether your business is located in the EU or US, or other countries with data privacy laws, if data is processed across borders, relevant privacy and data protection laws apply.
Our Privacy and Data Governance Cloud can simplify how you comply with the various requirements of privacy regulations.