LEGAL MATTERS:  What Privacy Laws Do (and Don’t Do)

There are privacy laws being passed seemingly every day; however, there is no comprehensive national U.S. law and current laws are largely a patchwork of state and federal laws.

Since there are no federal privacy laws regulating the actions of many companies, they’re pretty much free to do what they want with your data, unless there is a state law governing its use.

  • In most states, companies can use, share, or sell any data they collect about you without notifying you that they’re doing so.
  • No national law standardizes when (or if) a company must notify you if your data is breached or exposed to unauthorized parties.
  • If a company shares your data, including sensitive information such as your health or location, with third parties (like data brokers), those third parties can further sell it or share it without notifying you.

Yikes! So why isn’t someone doing something about this? Well, California has what is probably the most comprehensive privacy law. The regulations allow a person to sue a company for violations. California also requires a “global opt out” to remove one’s data from sharing by device or browser, instead of being forced to opt out on each site individually. California is one of only three states with a comprehensive privacy policy. The others are Colorado and Virginia.

Beyond these, there is a hodgepodge of state privacy laws. Federal laws encompass an alphabet soup of laws covering specific data and situations, including: