Bring together all your US Compliance needs with a single solution. Easily provide privacy disclosures for a straightforward approach to compliance.
The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) safeguard Californian residents' personal info. CCPA, established in 2020, grants rights like data transparency and opt-out choices. CPRA, also introduced in 2020, enhances data regulations and adds new rights, overseen by a new agency.
These laws apply to businesses handling residents' personal info, encompassing activities like collection, use, or sharing of data. Businesses must meet specific criteria, which include:
● Annual revenue of $25 million or more
● Info collection from 50,000+ residents annually
● Generating over 50% revenue from selling personal info
The Virginia Consumer Data Protection Act (VCDPA) safeguards Virginian consumers' data. It applies to businesses with data from over 100,000 consumers or 25,000 consumers with 50% revenue from data sales. VCDPA enhances consumer control, mandates consent and data protection. It's relevant to businesses handling Virginia residents' data, enforcing security and breach reporting overseen by the Virginia Attorney General. Non-compliance risks fines up to $7,500 per violation.
Introducing the Colorado Privacy Act (CPA): a game-changer for businesses handling personal data in Colorado. Effective since July 1, 2023, CPA empowers individuals to reject targeted ads and control data trading. It applies to Colorado businesses serving residents and meeting criteria such as:
● Handling info of over 100,000 individuals annually
● Benefiting from selling info of 25,000+ people.
Exceptions include HIPAA, Gramm-Leach-Bliley Act, and FERPA.
Introducing the Connecticut Data Privacy Act (CTDPA): a comprehensive state-wide privacy law that amplifies control over personal information for Connecticut residents. Mandating rules for in-state organizations, the CTDPA, approved on May 10, 2022, became effective on July 1, 2023. This impactful law directly impacts businesses within Connecticut or those targeting its residents. To come under its scope, a business must have:
● Managed personal data of over 100,000 consumers (excluding payments), or
● Managed data of at least 25,000 consumers while generating over 25% earnings from personal data sales.
The Utah Consumer Privacy Act (UCPA) is designed to protect the personal information of Utah residents. This legislation, introduced in 2023, aims to provide rights such as data transparency, access, and control over personal data. The UCPA establishes requirements for businesses that process Utah residents' personal information, including activities like collecting, using, or sharing data. Key criteria for businesses to be subject to UCPA include:
● Annual revenue of $25 million or more
● Processing the personal data of 100,000 or more Utah residents annually
● Earning over 50% of revenue from the sale of personal information
● Right to receive notifications and be informed about the personal data collected by a business, its usage, and sharing
● Right to have their collected personal data deleted by a business.
● The right to opt-out of their personal data being sold by a business.
● The right to not face discrimination for using their consumer rights as per CCPA.
For CCPA compliance, businesses must disclose how they gather, use, and store personal data of Californian residents. This entails having a CCPA-specific privacy policy accessible to consumers. The policy should detail collected personal data, its use, sharing practices, and consumers' CCPA rights along with procedures to exercise them.
Non-compliance with the UCPA can lead to enforcement actions by the Utah Division of Consumer Protection. If a business fails to adhere to the UCPA's requirements, it may be subject to investigations and penalties. Usually, businesses are given a grace period to address and correct any violations after they are identified.
For CCPA compliance, businesses must disclose how they gather, use, and store personal data of Californian residents. This entails having a CCPA-specific privacy policy accessible to consumers. The policy should detail collected personal data, its use, sharing practices, and consumers' CCPA rights along with procedures to exercise them.
Businesses can face fines of up to $7500 per violation, including attorney fees. There's a 30-day window to fix violations before the Virginia Attorney General steps in. The CDPA allows for recovering legal fees and investigative costs. Violations don't have to be intentional. Unlike California's CCPA, there's no private right of action.
The Colorado Privacy Act classifies sensitive data as a separate category of personal information. This category includes data that could reveal various traits of a consumer, such as race, sexual orientation, religious belief, citizenship or citizenship status, genetic or biometric data, as well as personal data from a child under the age of 13.
CTDPA defines personal data as info reasonably identifying an individual, like name, email, phone number, financial details, and logins. Deidentified, aggregated, or publicly available data isn't considered personal data.