Currently, over 130 countries have international data privacy laws in place to safeguard individuals’ data; with more countries, regions, and localities adding new ones in the coming years. These laws govern how people (“data subjects”) are informed about how their data is collected, used, and stored. They also give data subjects control over their information with the right to know what’s been collected and the power to request their data to be deleted.
Failure to comply can lead to serious consequences, including hefty fines, lawsuits, or even having your website blocked in certain locations. It might sound overwhelming, but it’s important for all website operators to familiarize themselves and stay up to date with data privacy laws.
To make things easier for you, this blog post outlines laws and regulations that are in effect in the U.S. 2023.
2023 U.S. Data Privacy Laws
Currently, there is no comprehensive national data protection law in the U.S. While The American Data Privacy Protection Act (ADPPA) has some support within the U.S. Federal Trade Commission, the bill still has a long road ahead with an unknown future.
“This bill establishes requirements for how companies, including nonprofits and common carriers, handle personal data, which includes information that identifies or is reasonably linkable to an individual.” – as summarized in the U.S. Library of Congress.
In the meantime, individual states have already passed or are in the process of passing new consumer data protection laws.
New State Data Privacy Laws in 2023
Effective | Law |
January 1 2023 | Virginia Consumer Data Protection Act (VCDPA) |
July 1, 2023 | Colorado Privacy Act (CPA) |
July 1, 2023 | Connecticut Data Privacy Act (CTDPA) |
December 31, 2023 | Utah Consumer Privacy Act (UCPA) |
Updated Data Privacy Laws in 2023
Data Compliance Regulatory Changes in the U.S. include the California Privacy Rights Act (CPRA) enacted January 1, 2023 which adds to the existing California Consumer Privacy Act (CCPA).
Effective | Law |
January 1, 2023 | California Privacy Rights Act (CPRA) |
March 17, 2023 | National Automated Clearing House Association (Nacha) rules |
Phase 2 changes to the National Automated Clearing House Association (Nacha) rules enacted on March 17, 2023 mandate that “originators of Micro-Entries will be required to use commercially reasonable fraud detection, including the monitoring of Micro-Entry forward and return volumes.” Phase 1 of the rule defined Micro-Entries as charges under $1.00 made for account verification purposes.
Laws enforced by the U.S. Federal Trade Commission
The U.S. Federal Trade Commission regulates on behalf of consumer protection. The Federal Trade Commission Act (FTC Act) is focused on preventing unfair or deceptive trade practices. As amended, the Commission is empowered under this Act to:
- Prevent unfair methods of competition, unfair or deceptive acts or practices in or affecting commerce.
- Obtain monetary redress and other relief for injurious conduct to consumers
- Prescribe rules and establish requirements designed to define and prevent unfair or deceptive practices
- Collect information and conduct investigations related to organizations, their business, practices, and management of entities engaged in commerce
- Build reports and make recommendations to Congress and the public.
Stay Compliant with New and Changing Data Security and Privacy Laws
Keeping up with new and evolving global, geographical, and industry mandated privacy and security regulations can be daunting. Secuvy can help you stay compliant with the numerous data privacy laws without manual processes or limited AI-based solutions. We can help you automate and operationalize regulatory compliance with the industry’s most comprehensive, robotic Data Subject Requests (DSRs) technology.