The Massachusetts Data Protection Act: Tightening Up Individual State Data Privacy Laws

A year after the mad dash to achieve compliance before the May 25, 2018, enforcement deadline for the General Data Protection Regulation (GDPR), industry marketers reportedly feel generally confident about their organizations’ respective compliance levels.

While consumers report a marked increase in pop-up ads when visiting a company’s website, there have been few egregious complaints. Further, there have been no widespread broadcasts about companies incurring massive fines for non-compliance.

After the GDPR deadline passed, California soon introduced the California Consumer Privacy Act (CCPA), which is the toughest regulation on this side of the Atlantic Ocean.

Still relatively early in their respective enactments, the GDPR and CCPA have both spurred the question of tighter data privacy laws in states across the U.S.

Several U.S. States Work to Follow the Lead of the GDPR and CCPA to Protect Consumer Data

While there is no overarching regulation across the United States that mimics the GDPR—or even the CCPA—several individual states are working toward developing their own data privacy laws on behalf of their consumer citizens.

Many states have already enacted their own data protection laws that apply to all businesses. These states are currently:

  • Arkansas
  • California
  • Colorado
  • Connecticut
  • Florida
  • Indiana
  • Kansas
  • Maryland
  • Massachusetts
  • Minnesota
  • Nevada
  • New Mexico
  • Oregon
  • Rhode Island
  • Texas
  • Utah

Each of these states has developed and adopted its own data protection laws, which require companies that hold personal consumer information of state residents to protect that information.

Take a moment to look over a few states’ approaches to data protection in the United States.

California

California’s CCPA is one of the broadest and most far-reaching data privacy acts in the U.S., featuring some key state-specific statutes and several requirements calling for organizations to develop and employ safeguards set to protect California’s residents.

Rhode Island

Rhode Island has passed its own Identity Theft Protection Act of 2015, which states that a person or business that collects, stores, processes, acquires, maintains, uses, or licenses personal information regarding a Rhode Island resident must adopt, implement and maintain reasonable security procedures. The requirements leave a great deal open to interpretation, such as the definition of “reasonable.”

Utah

The Utah Protection of Personal Information Act (UPPA) features a main provision that states that any business in the state maintaining personal information must develop, deploy and maintain reasonable procedures to protect data collected or maintained in the regular course of business. Similar to Rhode Island’s protection act, Utah’s UPPA leaves a lot of matters somewhat unclear to business owners and consumers alike.

The Commonwealth of Massachusetts Is Taking Data Protection to the Next Level

Massachusetts, along with Nevada, has the toughest state data protection law in the nation. The state’s Standards for the Protection of Personal Information of Residents of the Commonwealth provides that every person or business owning or licensing personal information regarding a resident of Massachusetts is required to develop, implement and maintain a comprehensive information security program, which includes the following:

  • Designating personnel to tend to the comprehensive information security program
  • Creating a means of detecting and preventing security system failures
  • Developing solid security policies for staff relating to the collection, storage, access and transportation of records and personal information outside of the physical business premises
  • Devising and imposing disciplinary actions for violations against the information security program
  • Protecting personal information from terminated employees by removing access privileges upon termination
  • Working with and overseeing service providers, or service organizations, requiring them to follow the client business’s security measures for personal information
  • And many others

Further, the Commonwealth of Massachusetts sets forth security requirements for organizations’ computer systems, which must contain the following, at a minimum:

  • Secure user authentication protocols
  • Secure access control measures
  • Encryption of all transmitted records and files
  • Reasonable monitoring systems
  • Encryption of all personal information stored on laptops and other portable devices
  • Reasonably up-to-date firewall protection
  • And much more

Massachusetts really has taken its focus on consumer data protection to the next level, especially compared to so many states that provide vague definitions and directives. Compliance may prove more challenging for businesses, but the residents are given full consideration for entrusting their data with Massachusetts’ businesses.

Certain U.S. Federal Regulations Fill in the Gaps Left Unprotected by State Data Privacy Laws

Individually designed and implemented state data privacy laws are ideal for protecting each state’s consumers, and many states are well on their way, just by recognizing the need and launching a plan. In the meantime, however, there are certain federal regulations that help stem the tide of potential data breaches and other issues with confidential consumer information.

Following are a few of the key regulations that can help you protect your state residents’ data until your state passes its own laws:

  • Health Insurance Portability and Accountability Act of 1996 (HIPAA) for the healthcare industry
  • Gramm-Leach-Bliley Act for the financial industry
  • New York State Department of Financial Services’ Cybersecurity Law for the insurance and financial services sectors

Even if a state does not have an official data protection act in place, or the existing one is still in progress, these industry-specific regulations can help serve as a guide.

Read about new developments in Colorado, Vermont, and California: States Are Leading Efforts to Improve U.S. Data Privacy.

Do You Need More Information on Your State’s Data Protection Laws?

Do you know just what your state requires of your business when it comes to protecting confidential consumer data in your care? Since some states’ acts contain a lot of gray areas, our team of data privacy experts at I.S. Partners can help you understand their meaning better, or we can simply update you about the basic consumer protections for which you are responsible.

Call us at 215-675-1400, or request a quote so we can make sure you are compliant with your state’s regulations and that you have your customers’ data protected at all times.
