Data Privacy in the United States: Current Legislation and Predictions

Nov 14, 2019 | Tips and Best Practices

With hacking and data breaches on the rise in recent years, data privacy has become a more crucial issue than ever. Europe’s GDPR has set a standard for strict data privacy regulations all over the world, with many states in the U.S. following its example. While several individual states adopt their own data privacy laws and regulations, there has also been talk of data privacy legislation at a federal level.

In this blog, we’ll provide an overview of current data privacy legislation in the U.S., as well as upcoming legislation and predictions for the future. While the data privacy landscape is ever-evolving, FormAssembly is here to help our users stay protected, informed, and compliant in their pursuit of better quality data.

Current data privacy legislation in the United States

Following Europe’s GDPR, several states in the U.S. including California, Nevada, Illinois, and more have developed similar legislation. Here’s an overview of what to expect:


The California Consumer Privacy Act will go into effect on January 1, 2020. The CCPA is a new data privacy law that will more strictly regulate what organizations can do with the personal information they collect from customers. CCPA law gives Californians the right to acquire and request deletion of any personal information they’ve previously made available to an organization. This law will also give consumers the right to restrict an organization’s use of their private data.

The CCPA has no cap on penalties for non-compliance, so businesses who deal with customers in California must comply with the CCPA law before the enforcement date to avoid substantial fines.

Data privacy laws in other states

No matter which state you do business in, it’s important to be prepared to comply with upcoming data privacy laws. Several other states have already enacted similar data privacy laws in 2019, with many more expected in 2020. Here are some you should know about:

  • Illinois (SB 1624) – The Governor of Illinois is expected to sign an amendment to the Personal Information Protection Act, requiring businesses to notify the Attorney General of breaches involving at least 500 Illinois residents. This new data privacy law will also permit the Attorney General to publicize information about security breaches.
  • Maine (LD 946) – Maine’s new Act to Protect the Privacy of Online Consumer Information prohibits ISPs from using, selling, or distributing consumer data without their consent. The Act will take effect July 1, 2020.
  • Nevada (SB 220) – On May 29, 2019, the Governor of Nevada signed a bill to improve internet privacy for consumers by prohibiting the sale of customers’ private data. The new law went into effect on October 1, 2019.
  • New York (SB5575B) – New York has expanded the scope of protection under their data privacy law (SHIELD), establishing standards for businesses to protect consumer information. The law goes into effect March 21, 2020.
  • Oregon (SB 684) – Effective January 1, 2020, the Oregon Consumer Information Protection Act will expand some data breach notification rules to include vendors.
  • Texas (HB 4390) – Texas’ new data privacy law will be effective starting January 1, 2020. It establishes notification timeline requirements for breach notifications and also establishes a Texas Privacy Protection Advisory Council.
  • Washington (HB 1071) – Starting March 1, 2020, the definition of “personal information” is expanded in Washington, and businesses must send breach notifications.

Many other states have adopted or will adopt new data privacy laws in 2020. For additional information on these laws and other data privacy insights, be sure to check out our whitepaper, The State of Data Privacy in 2019.

Download The State of Data Privacy in 2019 Whitepaper


Predictions for upcoming data privacy laws

As we approach 2020, companies all over the United States should be prepared to comply with stricter data privacy standards. Several other states are expected to enact their own data privacy legislation, and there have even been talks of federal data privacy legislation in the years to come. Regardless of where your state stands, it’s crucial to put extra emphasis on data privacy moving forward to protect your organization and its customers.

How to prepare

When preparing for enforcement of these data privacy regulations, it’s important to make sure your data collection vendors meet the highest standards of data privacy and security. FormAssembly’s advanced data collection platform has helped organizations in all industries navigate strict security and compliance requirements. Our Compliance Cloud plan is compliant with CCPA law, HIPAA, GDPR, and several other data privacy regulations––learn more about it here. For further details on evolving regulations, get your copy of our State of Data Privacy whitepaper below.

Pin It on Pinterest

Share This