It is no secret that many companies can profit from your data. Each day, consumer data is sold between companies all around the world. This exchange increases the possibility of your data falling into the wrong hands.
Your data is valuable for a reason, it provides key insights about how to best advertise to you, the ability to hone in on your location, valuable demographic information, and more.
Most internet users are unaware of just how little regulation there is for sites you share your information with.
Unfortunately in most states, the responsibility of maintaining privacy falls upon the user. However, it is very difficult for consumers to refrain from sharing information with the websites they interact with. Habits embedded in most people's lives such as online shopping and social media usage leave vulnerabilities. These vulnerabilities can cost users up to $500 per cybersecurity breach.
In this article, we will investigate the current state and federal privacy regulations as well as the future of data privacy legislation in the United States.
Current Federal Regulation
Currently, there are no federal laws that protect users' general information. Instead, there are specific regulations like the Health Insurance Portability Act, Family Educational Rights and Privacy Act, and the Fair Credit Reporting Act, that protect specific types of sensitive user data. These laws are largely outdated and are not comprehensive by any means.
This means that nothing is preventing your data from being used by companies for their gain. Corporations do not need to disclose what they are doing with the data they are collecting from you. Further, if a company shares your data with third parties, you are not notified, and those third parties do not need to tell you how they are using your information.
Since federal regulation of citizens' cybersecurity is so weak, the duty falls onto the states to decide what rights their residents will have. Unfortunately for a majority of Americans, many states have not taken the initiative to pass protective laws.
Today, only six states have comprehensive user cybersecurity laws: California, Virginia, Colorado, Utah, Virginia, and Connecticut. These laws are not identical, but they are formed based on common values. These values include telling users if their data is being sold and enabling users to access, change, and/or delete their data from a website.
California has been the leader in the data privacy space, they were the first state to pass data privacy regulation and have also given residents grounds to sue companies over the misuse of their data. Other aforementioned states could also be seen as leaders for privacy legislation, however, the bills passed by other states were significantly weaker than California's. In the specific case of Virginia, this bill was largely written in collaboration with Amazon.
States like Michigan, New Jersey, Ohio, and Pennsylvania are in the process of passing consumer privacy laws that provide general protection. We will likely see more states draft privacy laws in the future.
Even though this state action is promising, there are some critical barriers in the way of America's online security. Primarily, there are still many states that have not taken any sort of action on the issue. Second, laws that are written are not guaranteed to pass, so drafted privacy bills may never see the light of day. Finally, most state-level regulations that are currently in place are much weaker than California's comprehensive bill. So while it seems like many more people are protected now, there are still vulnerabilities.
The map below was made with data from the International Association of Privacy Professionals (IAPP) and shows the progress of privacy legislation in each state.
Recently, the House of Representatives and the Senate have released the American Data Privacy and Protection Act. This act would supersede state laws and, if passed, would prevent the collection and transfer of non-vital user information. This would protect sensitive data such as Social Security Numbers, biometric information, genetic information, browsing history, and locational information. All of which are not currently protected under any federal laws.
This bill would be revolutionary for privacy in the United States. With this act in place, Americans would be better protected against threats like identity theft which occurs once every 22 seconds in the United States. Given that the internet has become a vital part of American life, online privacy regulation on the federal level is vital for the security of Americans.
Until then, consumers must be diligent about the places in which they trust their personal information. At DataSeal, we work to protect your information from being publically available on over 75 people search websites. We are passionate about your privacy. Our service provides you with valuable security tips and notifies you about security breaches that may have leaked your personal data.