In the United States, there isn’t a singular law that covers the privacy of all types of data. A mix of laws, like HIPAA, FCRA, FERPA, GLBA, ECPA, COPPA, and VPPA, all contribute to how private data is handled. It is because of this that companies are free to do what they want with data, using, sharing, or selling information that is collected. There are currently just three states that have comprehensive data privacy laws, including California’s CCPA and CPRA, Virginia’s VCDPA, and Colorado’s ColoPA, but the rights the laws provide only apply to those living in the state. Other states, such as Massachusetts, New York, North Carolina and Pennsylvania, all have serious comprehensive consumer data privacy proposals in committee right now, while other states have varying laws in the early stages. Privacy experts say basic protections should be available in four areas: data collection and sharing rights, opt-in consent, data minimalization, and nondiscrimination and no-data-use discrimination.
