Want to sell in the US? Beware the complex data protection landscape

The US is a highly lucrative market if you can break into it. However, despite being a federation, in some ways its legal landscape is even more fractured than in the EU. Data privacy is a great example of this.

What are the main data protection laws in the US?

In the US, different types of data receive different federal protections, and many states impose their own laws too. If you are a digital health company selling in the US, here are 3 laws you need to know.

HIPAA

The HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) is the main United States federal law protecting the privacy and security of individually identifiable health information. It applies to healthcare providers, health insurance plans, and healthcare clearinghouses, along with their providers.

HIPAA is actually a combination of several different laws, each covering a different aspect of data privacy. These include the Security Rule, Privacy Rule, Breach Notification Rule, and parts of the HITECH Act. HIPAA also has a whole host of terminology you need to get familiar with. But compliance is relatively straightforward and prescriptive, at least compared with health data under GDPR.

COPPA

The CHILDREN’S ONLINE PRIVACY PROTECTION ACT (COPPA) is a federal law that prohibits unfair or deceptive practices connected with the collection, use, and/or disclosure of personal information from and about children under 13 on the Internet. It applies to any operator of a website or online service directed at children.

Complying with COPPA is remarkably tough and almost all companies try to avoid this where possible. That’s why the likes of Meta and Snapchat have always excluded under 13s from opening accounts.

CCPA

The CALIFORNIA CONSUMER PRIVACY ACT (CCPA), together with its updates, gives individuals transparency and control over how businesses collect and use their data, similarly to GDPR. But the CCPA only applies to companies (and their providers) doing business in California or handling personal data about California consumers. There are also exemptions for smaller companies or companies who only handle small amounts of personal data.

For most startups, CCPA won’t apply. But if you are targeting California you definitely need to be aware of it, and make sure all your privacy notices contain suitable CCPA language.

Which other states have consumer privacy laws?

As of the time of writing, around 20 states already have privacy legislation enacted. A further 5 are in the process of enacting new legislation. In total, well over half the US population is now protected by some form of state-level consumer privacy legislation.

Many states have based their legislation on CCPA, and so are also quite aligned with GDPR. However, it is really important to read up about each one if you are intending to target these states commercially.

We hope this helps shed some light on what you have to do to enter the US market and, as always, if you are not sure what to do feel free to reach out!

Need help figuring it out? We’re here to help!

Chino.io is the one-stop shop for solving all privacy and security compliance aspects.

As a partner of our clients, we combine regulatory and technical expertise with a modular IT platform that allows digital applications to eliminate compliance risks and save costs and time.

Chino.io makes compliant-by-design innovation happen faster, combining legal know-how and data security technology for innovators.

To learn more, book a call with our experts.
