Bring together all your US Compliance needs with a single solution. Easily provide privacy disclosures for a straightforward approach to compliance.
The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) safeguard Californian residents' personal info. CCPA, established in 2020, grants rights like data transparency and opt-out choices. CPRA, also introduced in 2020, enhances data regulations and adds new rights, overseen by a new agency.
These laws apply to businesses handling residents' personal info, encompassing activities like collection, use, or sharing of data. Businesses must meet specific criteria, which include:
● Annual revenue of $25 million or more
● Info collection from 50,000+ residents annually
● Generating over 50% revenue from selling personal info
The Virginia Consumer Data Protection Act (VCDPA) safeguards Virginian consumers' data. It applies to businesses with data from over 100,000 consumers or 25,000 consumers with 50% revenue from data sales. VCDPA enhances consumer control, mandates consent and data protection. It's relevant to businesses handling Virginia residents' data, enforcing security and breach reporting overseen by the Virginia Attorney General. Non-compliance risks fines up to $7,500 per violation.
Introducing the Colorado Privacy Act (CPA): a game-changer for businesses handling personal data in Colorado. Effective since July 1, 2023, CPA empowers individuals to reject targeted ads and control data trading. It applies to Colorado businesses serving residents and meeting criteria such as:
● Handling info of over 100,000 individuals annually
● Benefiting from selling info of 25,000+ people.
Exceptions include HIPAA, Gramm-Leach-Bliley Act, and FERPA.
Introducing the Connecticut Data Privacy Act (CTDPA): a comprehensive state-wide privacy law that amplifies control over personal information for Connecticut residents. Mandating rules for in-state organizations, the CTDPA, approved on May 10, 2022, became effective on July 1, 2023. This impactful law directly impacts businesses within Connecticut or those targeting its residents. To come under its scope, a business must have:
● Managed personal data of over 100,000 consumers (excluding payments), or
● Managed data of at least 25,000 consumers while generating over 25% earnings from personal data sales.