Back to overview
05. March 2021

Which U.S. States Have Data Privacy Laws That Affect Your Business?

Data privacy has become a major concern for consumers and corporations. And with massive data breaches on the rise, the calls for increased data privacy legislation continue to grow.

Data privacy has become a major concern for consumers and corporations. With massive data breaches on the rise, the calls for increased data privacy legislation continue to grow. In the absence of federal data privacy laws, individual states have stepped up to fill the void, like California, Nevada, Maine and Massachusetts. More states are considering passing data privacy legislation, and Aparavi is ready to help your business stay compliant.

California’s CCPA and CPRA

California was the first state to pass a comprehensive data privacy law. The California Consumer Privacy Act, or CCPA, was approved in 2018. It was subsequently amended and expanded by the CPRA in the 2020 general election as a ballot initiative called Proposition 24.

This law is still the most extensive one in the United States. It grants citizens several key rights, such as the right to know what information you have on Californian residents and the right to delete or rectify that information. Being able to respond to these requests is key, as the CPPA (a new enforcement agency created under the CPRA) can fine your business if you don’t respond in a timely manner.

Aparavi has already implemented a compliance protocol that will ensure that your data is compliant with California’s laws. You can activate it in seconds, and your data won’t run afoul of the rules.

Nevada Chapter 603A

California, Nevada, and Maine are all thought of as the three states with true data privacy laws. But in truth, only California imposes strict requirements on businesses. Nevada updated its statutes by adding Chapter 603A to the books.

The law is relatively weak, as it only applies to websites that have at least 20,000 unique visitors a year and whose revenue is primarily derived from data gathering. All you have to do to comply is to post a privacy policy on your site in a conspicuous manner.

Maine’s LD 946

On its surface, Maine’s law sounds a lot like California’s, with protections for personal information including the prohibition of sale or transfer of personal data. However, there’s a major caveat.

Maine’s law only applies to internet service providers or ISPs. While this is a vital step forward, as ISPs truly could have access to your entire web browsing history and any data you’ve sent from your home, it imposes no rules on any other kind of business. If you’re an ISP and want to be compliant with Maine’s rules, Aparavi can do that for you, too.

Massachusetts Data Privacy Law

While Massachusetts Bill S.120, also known as the Massachusetts Consumer Data Privacy Law, has not yet been passed, the state has shown every indication that it is taking data privacy seriously. In 2019, the governor expanded their cybersecurity program and created the Data Privacy and Security Division within the attorney general’s office. You are required to report data breaches to this office if you experience a data breach involving data from Massachusetts residents.

The bill follows the structure of the CPRA to a large extent, so if it passes it’ll be another major privacy law to adhere to. Aparavi will make sure your business can be compliant with this law should it be approved because our cloud-based platform ensures that all classification policies are automatically updated whenever there is a new law you need to adhere to.

New York Privacy Act

Similar to Massachusetts, New York state hasn’t yet passed its “New York Privacy Act” (NYPA), but it has breach reporting requirements and basic cybersecurity parameters for businesses to follow. This requirement was passed in 2005 and has since been updated by the SHIELD Act. So, why hasn’t the NYPA passed yet?

Part of the reason is that the NYPA as it stands would be one of the toughest data privacy laws in the world. While the CCPA has a minimum threshold that keeps the law from applying to small businesses or those that handle very little personal information, the NYPA has no such limitation. It will apply to any business that works in New York or targets New Yorkers.

In addition, unlike California’s law that gives citizens the right to opt-out of data collection, New York would actually make data collection opt-in only. This would have huge ramifications for data collection, as many surveys show that people would generally not opt-in given the choice. Rest assured, if this law passes, Aparavi will be the first platform to keep your data compliant.

Nationwide Privacy Laws

As more states consider data privacy laws, there’s concern from the private sector about a “patchwork” of laws. One reason that laws like the NYPA haven’t passed is that state legislators are wondering if it is worth the effort. If the federal government were to pass a major data privacy law, then these state laws could be rendered moot.

However, what is most likely is that the federal government will pass some basic protections at some point, and other states will go further. Regardless of the situation, Aparavi will make it easy for you to be compliant in all 50 states. Since our platform can quickly identify which data corresponds to which state, we can automatically apply each state’s rules to your data and prevent any violations from occurring. In addition, Aparavi’s comprehensive and powerful data classification policies are updated whenever there is a change in legislation. Finally, because our platform is cloud-based, you can simply enable a new policy with the click of a button to automatically find relevant files, no matter which state’s data privacy laws you need to comply with.

Call Aparavi or schedule a demo of our platform today to see how it can prepare your business for the upcoming tidal wave of data privacy laws.