Do Privacy Laws Vary from State to State?


Sensitive data discovery tools make it possible for businesses to keep track of all of their data. Why does this matter? Because 64% of companies have been targeted by web-based attacks, and 62% were affected by phishing. These data security breaches cost businesses ransom payments, lost revenue, and damaged reputations. Data privacy laws also hold businesses responsible if they don’t properly store the data they collect, and violations can result in hefty fines.

But you can’t protect what you don’t know you have. Unstructured data—or data that is difficult to sort into databases—can be a thorn in your business’s side in terms of efficiency and security. Up to 90% of a business’s data is unstructured, and that includes information that’s stored as:

  • Email threads
  • Video and audio files
  • Text messages
  • Social media posts
  • Resumes
  • PDF files

These documents often contain personal information—for customers and employees—which can fall under the protection of data privacy laws. In this article, we’ll cover how to find out what the law is in your area and how you can regain control over your data.

What Personal Information Is Protected by Privacy Laws?

Consumer data privacy laws vary in what data they protect, but these laws tend to cover a person’s:

  • Health information
  • Name
  • Email address
  • Phone number
  • Home address
  • Social Security number
  • Credit card information
  • Online behavior

Privacy laws regulate what information companies can collect, how they must store it, whether they can share it with third-party companies, and which data storage options individuals need to consent to. These laws also determine how long companies can store personal data.

Are Privacy Laws Federal or State?

In the United States, there is no overarching federal data privacy law. Instead, federal laws target specific types of data to protect. For example, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates how health care providers must receive, maintain, and communicate individually identifiable health information. It is then up to individual states to pass more comprehensive privacy laws.

To get a better idea of what data is affected by federal and state laws, consider these examples of privacy laws:

What Is the Personal Information Act?

Personal information that is collected by federal agencies is protected under the federal Privacy Act of 1974. This act grants individuals the right to:

  • Access their data that has been collected and request corrections
  • Keep their personal data from being accessed by third parties without written consent
  • Exercise First Amendment rights without the federal government recording instances (with some exceptions)

California Consumer Privacy Act

The California Consumer Privacy Act of 2018 (CCPA) is often considered to be the US equivalent of the GDPR because of the scope of its protection of data for online consumers. The key difference, however, is that the General Data Protection Regulation (GDPR) covers the entirety of the European Economic Area, while the CCPA only regulates the state of California. The CCPA includes:

  • The right for consumers to delete personal information that was collected from them
  • The right for consumers to opt out of allowing their personal data to be sold to third parties
  • The right for consumers to know which personal data is collected and how it will be used and shared
  • The right for consumers to exercise their data protection rights without being discriminated against by businesses

The Illinois Personal Information Protection Act

Illinois’ Personal Information Protection Act (PIPA) requires public universities to notify individuals when their personal data may have been accessed by someone who shouldn’t be able to access it. This only covers information that is not publicly accessible, such as an individual’s:

  • Social Security number
  • Driver’s license identification number
  • Credit or debit information
  • Medical information
  • Biometric data such as fingerprints or retina images

For a comprehensive list of states with digital privacy laws, visit the National Conference of State Legislatures website or the website of the state you conduct business in. Work with your legal team to ensure you have a full understanding of the laws that apply to your business.

What Does This Mean for Your Business?

Properly storing the information your business collects doesn’t just help efficiency and security; it’s also often required by law. But when you consider that the average enterprise business manages over 347TB of data—the majority of which is unstructured—it’s easy to see how files containing sensitive information get misplaced.

That’s where DryvIQ’s automated data discovery tools come in. These tools work in the background to:

  • Identify data points in unstructured forms like resumes and text conversations
  • Label which data points different documents contain
  • Sort documents based on a variety of factors including data type and language
  • Manage access, so data can only be accessed by those who need it

45% of organizations lack the data governance they need to reduce litigation and data security risks. Your business doesn’t have to be among them. Learn more about unstructured data solutions and schedule a demo to see how DryvIQ can help.
