It seems like every day there is a new privacy scandal: too much data collected by ubiquitous apps, improper sharing of data with third parties, the use of data for nefarious purposes or just plain old data breaches. With this much going on, what are we to do? Instead of waiting for the indecision train in the federal legislature, U.S. states have decided to take matters into their own hands by proposing new privacy bills to protect the consumers of their states. While the bills all differ somewhat, if passed, they would all require updates to the Privacy Policies of businesses that need to comply with the laws.
At Termageddon, we keep track of these bills for you and automatically update your Privacy Policies when needed. We have created a state privacy bill tracker that will help you better understand the proposed bills and how they may affect your business. The privacy bill tracker discloses all bills that have been proposed by U.S. states that would affect Privacy Policy disclosures and business obligations. We do not include bills that have become law, nor bills that are dead. Here is a list of the laws that require you to have a Privacy Policy and that affect how that Privacy Policy is written.
State | Bill Citation | Bill Name | Privacy Policy changes | Business size limit | Consumers can sue | Right to access data | Right to delete data | Right to correct data | Right to restrict processing | Right to opt out | Opt-in consent required | Right to portability | Against automated decision making | Imposes fiduciary duty | Prohibits discrimination | Right to be forgotten |
Georgia | HB798 | Georgia Data Privacy Act | x | |||||||||||||
Georgia | S473 | Georgia Consumer Privacy Protection Act | x | x | x | x | x | x | x | x | x | x | ||||
Hawaii | SB1110/HB1497 | Consumer Data Protection Act | x | x | x | x | x | x | x | x | x | x | x | |||
Hawaii | SB 974 | Consumer Data Protection Act | x | x | x | x | x | x | x | x | x | x | ||||
Hawaii | S 3018 | Consumer Data Protection Act | x | x | x | x | x | x | x | x | x | x | ||||
Illinois | HB3385 | Illinois Data Privacy and Protection Act | x | x | x | x | x | x | x | x | x | x | ||||
Illinois | SB3517 | Illinois Privacy Rights Act | x | x | x | x | x | x | x | x | x | |||||
Kentucky | S15 | Consumer Data Privacy | x | x | x | x | x | x | x | x | x | x | ||||
Kentucky | HB24 | Consumer Data Privacy | x | x | x | x | x | x | x | x | ||||||
Louisiana | HB947 | Louisiana Consumer Privacy Act | x | x | x | x | x | x | x | x | x | |||||
Maine | SB807 | Maine Consumer Privacy Act | x | x | x | x | x | x | x | x | x | x | x | |||
Massachusetts | HD2281/SD 745 | Massachusetts Data Privacy Protection Act | x | x | x | x | x | x | x | x | x | x | x | |||
Massachusetts | HD3263/SD1971 | Massachusetts Information Privacy and Security Act | x | x | x | x | x | x | x | x | x | x | x | |||
Massachusetts | HD3245 | Internet Bill of Rights | x | x | x | x | x | x | x | x | x | x | x | |||
Michigan | SB659 | Michigan Personal Data Privacy Act | x | x | x | x | x | x | x | x | x | x | x | x | ||
Minnesota | SB950 | Consumer Data Privacy | x | x | x | |||||||||||
Minnesota | HB2309 | Minnesota Consumer Data Privacy Act | x | x | x | x | x | x | x | x | x | x | x | |||
Nebraska | LB 1294 | Data Privacy Act | x | x | x | x | x | x | x | x | x | x | ||||
New York | S2277 | Digital Fairness Act | x | x | x | x | x | x | x | |||||||
New York | SB365 | New York Privacy Act | x | x | x | x | x | x | x | x | x | x | x | |||
New York | SB3162 | Consumer Right to Request Disclosure of Information | x | x | x | x | x | |||||||||
New York | AB4374 | Personal Information Collection | x | x | x | x | x | x | x | |||||||
North Carolina | SB525 | North Carolina Consumer Privacy Act | x | x | x | x | x | x | x | x | ||||||
Oklahoma | HB 1030 | Oklahoma Computer Data Privacy Act | x | x | x | x | x | x | x | x | x | |||||
Pennsylvania | HB708 | Consumer Data Protection Act | x | x | x | x | x | x | x | x | x | x | ||||
Pennsylvania | HB1201 | Consumer Data Privacy Act | x | x | x | x | x | x | x | x | x | x | ||||
Pennsylvania | HB1947 | Consumer Data Privacy Act | x | x | x | x | x | x | x | x | x | x | ||||
Pennsylvania | SB1279 | Pennsylvania Consumer Data Privacy Act | x | x | x | x | x | x | x | x | x | x | ||||
Washington | HB 1616 | People’s Privacy Act | x | x | x | x | x | x | x | x | x | x | x | x | ||
Vermont | HB121 | x | x | x | ||||||||||||
Vermont | SB 269 | Vermont Data Privacy Act | x | x | x | x | x | x | x | x | x | x | ||||
West Virginia | HB 5112 | Consumer Data Protection Act | x | x | x | x | x | x | x | x | x |
We update this post periodically when new bills are proposed, when bills die and when bills are passed into law.
Click here for a link to our google spreadsheet of US State Privacy Bill Tracker.
We classified the bills into a chart to make it all easier to understand. Here is an explanation of the factors against which each bill is weighed:
- Privacy Policy changes: this bill would require changes to the Privacy Policies of companies that it applies to;
- Business size limit: this bill applies to businesses of a certain size. For example, some of the bills apply to businesses that make millions of dollars in revenue or collect the personal information of a certain number of that state’s citizens;
- Consumers can sue: this bill allows consumers to sue the business if they violate this law. Note that some of these bills allow consumers to sue if their private information was breached but our privacy tracker does not note this as we’re a Privacy Policy company, not a breach mitigation company;
- Right to access data: consumers have the right to see the specific pieces of data that the company has collected about them;
- Right to delete data: consumers have the right to request that the business delete their personal data;
- Right to correct data: consumers have the right to request that the business correct their incorrect data or complete their incomplete data;
- Right to restrict processing: consumers have the right to limit how businesses use their data.
- Right to opt out: consumers have the right to say no to the sharing or selling of their data.
- Opt-in consent required: consumers have to affirmatively allow the business to collect, use, sell or share their data.
- Right to portability: consumers have the right to receive their personal data that the business has collected on them in an electronic, commonly-used, machine structured format.
- Against automated decision making: the bill restricts a businesses’ ability to make certain decisions by solely automated means, without any human involvement.
- Imposes fiduciary duty: the bill obligates a business to act solely in the best interest of the consumer and not the business when it comes to that consumer’s data.
- Prohibits discrimination: the bill prohibits businesses from discriminating against consumers that exercise their rights by charging higher prices or by providing inferior quality service or products.
As the proposed bills are always changing, make sure to check this post often to keep up to date! Or don’t, we’ll update your policies automatically for you when the bills become law if you use our Privacy Policy Generator.
Here are links to each respective proposed privacy bill:
- Georgia – GA HB798;
- Georgia – GA S473;
- Hawaii – HI SB1110/HB1497;
- Hawaii – HI SB 974;
- Hawaii – HI S 3018;
- Illinois – IL HB3385;
- Illinois – IL SB3517;
- Kentucky – KY S 15;
- Kentucky – HB24;
- Louisiana – LA HB947;
- Massachusetts – MA HD2281/SB745;
- Massachusetts – MA HD3263/SD1971;
- Massachusetts – MA HD3245
- Michigan – MI SB659
- Minnesota – MN SF950;
- Minnesota – MN HB2309;
- Nebraska LB 1294;
- New York – NY S2277;
- New York – NY SB365;
- New York – NY SB3162;
- New York – NY AB4374;
- North Carolina – NC SB525;
- Oklahoma – OK HB1030;
- Pennsylvania – PA HB708;
- Pennsylvania – PA HB1201;
- Pennsylvania – PA HB1947;
- Pennsylvania – PA SB1279;
- Vermont – VT HB121
- Vermont – VT SB 269
- Washington – WA HB1616;
- West Virginia – WV HB5112;
Team Termageddon