Data Privacy in the United States: 2020 Legislation and Predictions


Join our newsletter!

Receive the latest data collection news in your inbox.

With hacking and data breaches on the rise in recent years, U.S. data privacy legislation has become a more crucial issue than ever. Europe’s GDPR has set a standard for strict data privacy regulations all over the world, with many states in the U.S. following its example. While several individual states adopt their own data privacy laws and regulations, there has also been talk of U.S. data privacy legislation at a federal level.

In this blog, we’ll provide an overview of U.S. data privacy legislation as well as upcoming legislation and predictions for the future. While the U.S. data privacy legislation landscape is ever-evolving, FormAssembly is here to help our users stay protected, informed, and compliant in their pursuit of better-quality data.

Current data privacy legislation in the United States

Following Europe’s GDPR, several states in the U.S. including California, Nevada, Illinois, and more have developed similar legislation. Here’s an overview of what to expect:


The California Consumer Privacy Act went into effect on January 1, 2020, with official enforcement to begin in July following a six-month grace period. The CCPA is a new data privacy law that will more strictly regulate what organizations can do with the personal information they collect from customers. The CCPA data privacy law gives Californians the right to acquire and request deletion of any personal information they’ve previously made available to an organization. This law will also give consumers the right to restrict an organization’s use of their private data.

The CCPA has no cap on penalties for non-compliance, so businesses who deal with customers in California must comply with the CCPA law before the enforcement date to avoid substantial fines.

Data privacy laws in other states

No matter which state you do business in, it’s important to be prepared to comply with upcoming data privacy laws. Several other states enacted similar data privacy laws in recent years, with many more expected in the years to come. Here are some you should know about:

  • Illinois (SB 1624) – The Governor of Illinois signed an amendment to the Personal Information Protection Act, requiring businesses to notify the Attorney General of breaches involving at least 500 Illinois residents. This new data privacy law will also permit the Attorney General to publicize information about security breaches.
  • Maine (LD 946) – Maine’s new Act to Protect the Privacy of Online Consumer Information prohibits ISPs from using, selling, or distributing consumer data without their consent. The Act is effective as of July 1, 2020.
  • Nevada (SB 220) – On May 29, 2019, the Governor of Nevada signed a bill to improve internet privacy for consumers by prohibiting the sale of customers’ private data. The new law went into effect on October 1, 2019.
  • New York (SB5575B) – New York has expanded the scope of protection under their data privacy law (SHIELD), establishing standards for businesses to protect consumer information. The law is effective as of March 21, 2020.
  • Oregon (SB 684) – Effective January 1, 2020, the Oregon Consumer Information Protection Act will expand some data breach notification rules to include vendors.
  • Texas (HB 4390) – Texas’ new data privacy law has been in effect since January 1, 2020. It establishes notification timeline requirements for breach notifications and also establishes a Texas Privacy Protection Advisory Council.
  • Washington (HB 1071) – Starting March 1, 2020, the definition of “personal information” is expanded in Washington, and businesses must send breach notifications.

Many other states have adopted or will adopt new data privacy laws. For additional information on these laws and other data privacy insights, be sure to check out our whitepaper, The State of Data Privacy in 2019.

Predictions for upcoming data privacy laws

In the months and years to come, companies all over the United States should be prepared to comply with stricter data privacy standards. Several other states are expected to enact their own U.S. data privacy legislation, and there have been talks of potential federal data privacy legislation. Regardless of where your state stands, it’s crucial to put extra emphasis on data privacy moving forward to protect your organization and its customers.

How to prepare

When preparing for enforcement of U.S. data privacy legislation, it’s important to make sure your data collection vendors meet the highest standards of data privacy and security. FormAssembly’s advanced data collection platform has helped organizations in all industries navigate strict security and compliance requirements. 

We help our customers comply with evolving privacy regulations by providing educational information and by handling our own data ethically. FormAssembly is compliant with the CCPA, HIPAA, GDPR, and several other privacy regulations. Are you ready to improve data privacy within your organization? Give our Compliance Cloud plan a try today. For further details on CCPA compliance, get your copy of our CCPA Compliance Checklist below.

Don’t just collect data
— leverage it