Skip to Main Content

Latest in data privacy protection legislation

data privacy protection legislation for consumers

Despite being a leader in information technology, the United States does not have one comprehensive law in place regarding data protection. Many states have been working independently to establish laws in the meantime, with one major piece of legislation in California taking effect in January of this year.

The California Consumer Privacy Act (CCPA) gives state residents the right to know what personal data is being collected, whether that data is sold or disclosed and to whom, disallow the sale of their personal data, and request deletion of personal data. The CCPA applies to any corporate entity that does business in California and meets specific revenue thresholds.

If you’ve noticed websites asking you to review their revised security policies, this bill is likely the catalyst. As reported by Aaron Mak in Slate, “Since it’s a lot more work to create a separate infrastructure just for California residents to opt out of the data collection industry, these requirements will transform the internet for everyone.”

In short, though the law was only passed in one state it has had sweeping impacts across the country – and beyond. Certain companies, including Microsoft, have decided to accept the CCPA protections to all United States and European Union customers. 

From a legal perspective, however, only Californians have the legal right to act on the CCPA. Residents of other states will have to check updated privacy policies closely to determine if a business has decided to apply the rights to those in states outside of California.

Vermont passed a similar law in 2018 that focused on protecting individuals from having their personal information misused by data brokers, which are businesses that collect and sell or license personal information to third parties.

The law requires data brokers to register with the state and to indicate if consumers may opt out of data collection, if they have a process to validate data purchasers, and how many security breaches they have experienced. Additionally, the data brokers are required to have comprehensive security strategies and may not collect data via fraudulent means.

Maryland legislators are currently reviewing several bills proposed this legislative session that protect consumers’ personal data and hold corporations that collect this data to stricter standards. These bills include: 

Most other states have at least some form of privacy legislation in flight. However, at the nationwide level, a comprehensive law regarding data protection in the modern era has not been set forward.

Certain existing national laws protect specific elements of personal information, but not all. The Health Insurance Portability and Accountability Act (HIPAA) protect elements of personal information relating to health care data. The Children’s Online Privacy Protection Act (COPPA) protects the personal data of children under the age of 13.

As more and more states begin to enact legislation and more consumers become concerned with what is happening with their data we will likely see federal privacy legislation proposed. In the meantime, consumers should always be aware of what they share online and what security those websites have in place.

Want to learn about cybersecurity? Capitol offers bachelor’s, master’s and doctorate degrees in cyber and information security. Many courses are available both on campus and online.To learn more about Capitol’s degree programs, contact