USstatelaws

From Privacy Wiki
Jump to navigation Jump to search

State Privacy Laws of the United States

States

In the modern age, it is hard to regulate statutes at the state level. The states have been rushing to pass their own bills and statutes in order to cover the deficit provisions of laws. However, while states are rushing making the laws and regulations to protect their residents, the statutes create some risks. Those risks can be consumer confusion, false sense of security, undoubtedly lead to inconsistent treatment of data depending on a variety factors or a challenging environment for businesses to navigate and drive up costs for legal compliance. Furthermore, the state regulations might not protect all the scopes of violations that have been stated by Daniel Solove. The specific sections of the state laws that could be interpreted as meeting the definition.

Alabama

  • Ala. Admin Code Reg. §420-5-7-.05
  • Ala. Admin Code Reg. §420-5-7-.13
  • Ala. Admin. Code r. §545-x-4-.08
  • Ala. Code § 25-5-339 (b)
  • Alabama Data Breach Notification Act
  • Alabama Insurance Regulation Chapter 482-1-122

Alaska

  • AS § 18.13.010 et seq
  • AS §45.48.100-.290 (section in the Alaska Personal Information Privacy Act)
  • §45.48.400 (section in the Alaska Personal Information Privacy Act)

Arizona

  • Ariz. Rev. Stat. Ann. § 12-2803
  • Arizona 2010 SB 1309
  • ARS §1-602
  • ARS § 12-2801 et seq
  • Arizona 2016 HB 2144
  • Arizona 2019 SB 1297
  • Ars § 20-448-.02
  • Ars § 41-151.22

Arkansas

  • Ark. Code § 20-35-103
  • Arkansas 2015 HB 1827
  • Ark. Code § 20-35-101 et seq.
  • Arkansas Code Ann. §4-110-104
  • Ark. Code §11-2-124, Ark. Code § 6-60-104

California

  • Cal. Health & Safety Code § 24175
  • Confidentiality of Medical Information Act
  • Cal. Civil Code §56.17
  • California Civil Code §§ 1798.83 to .84 (shine the light law)
  • Calif. Lab. Code § 980
  • California Civ. Code §1798.81.5
  • Cal. Bus. & Prof. Code § 22948.20
  • Penal Code §637.5- Invasion of Privacy
  • Calif. Bus. & Prof. Code §§ 22580-22582
  • Cal. Civil Code § 1798.90.1
  • Calif. Bus. § Prof. Code § 22575
  • Calif. Bus. & Prof. Code § 22575-22578 (CALOPPA)
  • California Consumer Credit Reporting Agencies Act
  • California Consumer Privacy Act (CCPA)
  • California Government Code §6267
  • IoT Security Law (SB 327)- SB-327 Information privacy: connected devices.(2017-2018)
  • California Song-Beverly Credit Card Act of 1971
  • California Education Code § 99121-99122

Colorado

  • Colorado 2015 SB 15-077
  • Colo. Rev. Stat. Ann. § 10-3-1104.6
  • Colorado 2009 HB 1338
  • C.R.S. 8-2-127
  • The Protections for Consumer Data Privacy Act

Connecticut

  • Conn. Gen. Stat. § 42-471
  • Access to medical records. Notification to patient of certain test results. Authority of provider to withhold information (2012)
  • Breach Notification (2006)
  • Connecticut General Statutes (2012)
  • Disclosure Limitation And Conditions & Sale Of Individually Identifiable Medical Record Information Prohibited. Written Consent Re Disclosure For Marketing Purposes. Exceptions. Cause Of Action For Violations (2000)
  • Protection of Social Security Numbers and Personal Information (2003)

Delaware

  • Del. Code §1203(2015)
  • Delaware 2015 SB 151
  • Delaware 2015 SB 68, Delaware Online Privacy and Protection Act
  • Delaware SB 79
  • Delaware 2017 HS 1 for HB 180
  • Del. Code 16 §1201 et seq.
  • 19 Del. Code § 709A
  • 14 Del. Code §8103
  • Del. Code § 1204C
  • Del. Code. Tit. 6, §1206C
  • Del. Code Tit. 6 §1205C

Florida

  • Breach Notification (2014), Fla. Stat. § 501.171
  • Credit Card Surcharge Prohibited (2015)
  • Title XLVI-Chapter 817-Fraudulent Practices-Section 06 Misleading advertisements prohibited; penalty
  • Patient and personnel records; copies; examination
  • Use of a Driver License or Identification Card (2017)
  • Electronic Mail Communications (2004)
  • Fla Stat. Ann.§760.40
  • SB 1670 (July 1, 2020)

Georgia

  • Ga. Rev. Code §§ 33-54-3
  • Ga. Rev. Code §§33-54-6
  • OCGA §§33-54-1 et seq
  • Breach Notification, Title 10, Chapter 1, Article 34 §10-1-912 (2010)
  • Action in event of Telephone Record Security Breach (2010)
  • Furnishing copy of records to patient, provider, or other authorized people (2010)
  • Genetic Testing (2010)

Hawaii

  • HRS §§431: 10a-118
  • HRS §§431:10a-404.5
  • HRS §§432:1-607
  • HRS §§432d-26
  • HRS §§432:2-404.5

Idaho

  • IC §39-8301 et seq.-Identity Theft Protection Act (2003)

Illinois

  • Ill. Comp. Stat. §50/3.1(a)
  • Illinois 2007 SB 941
  • Illinois 2018 SB 2399
  • Illinois 2017 SB 318
  • Illinois 2019 HB 2189
  • Illinois 2019 SB 1307
  • Illinois: 410 ILCS 513/1 et seq.(Genetic Information Privacy Act)
  • 815 ILCS 510: Uniform Deceptive Trade Practices Act (UDTPA)
  • 820 ILCS 55/10 (Right to Privacy in the Workplace Act)
  • 105 ILCS 75/10
  • Artificial Intelligence Video Act (HB 2557)]
  • Personal Information Protection Act (SB 1624 amendments)
  • 740 ILCS 14/Biometric Information Privacy Act

Indiana

  • Indiana Code Ann. § 24-4.9-3-3.5(b)
  • Breach Notification (2006)
  • Disclosure of Health Records (1993)
  • Right of access; written requests; effective duration

Iowa

  • 2010 SF 2215
  • IC §§513b.10
  • 2019 HSB 14
  • 2019 SB 1071
  • IC §§ 507b.4
  • IC §§513B.9a
  • Standards of Practice and Principles of Medical Ethics (1996)
  • Personal Information Security Breach Protection (2014)
  • Genetic Testing
  • Breach Notification (2008)

Kansas

  • 2014 SB 367
  • KSA §72-6214
  • Genetic Screening Or Testing; Prohibiting The Use Of; Exceptions; Restrictions (2017)
  • Protection of Consumer Information (2012)

Kentucky

  • Kentucky 2019 SB 152
  • Kentucky 2014 HB 5
  • KRS §61.931 et seq.
  • Kentucky 2019 SB 152
  • KRS §304.12-085
  • 806 KAR 3:220. Privacy of Health Information (2002)
  • Destruction of Records Containing Personally Identifiable Information (2006)

Louisiana

  • LRS 40: 2210
  • LRS 22:1023
  • LRS 22: 1097
  • LA. Rev. Stat. §51:1951 to §§1953 and 1955
  • LA. Rev. Stat. §51:1951 to §1952 and §§1954 to 1955
  • Database Security Breach Notification Law (2006)
  • Health Care Information; Records (2015)
  • Tracking Devices Prohibited (2011)
  • Unsolicited Commercial Electronic Mail Restrictions (2016)
  • Prohibited discrimination; genetic information; disclosure requirements (2009)

Maine

  • Me. Rev. Stat. Ann. Tit. 22
  • MRS 24A §2204
  • 26 MRS §616 to 619
  • Discrimination based on genetic information or testing (1997)
  • Electronic Mail Solicitation (2003)
  • Notice of Risk to Personal Data Act (2005)
  • Patient access to hospital medical records (1977)

Maryland

Massachusetts

Michigan

Minnesota

Mississippi

Missouri

Montana

Nebraska

Nevada

New Hampshire

New Jersey

New Mexico

New York

North Carolina

North Dakota

Ohio

Oklahoma

Oregon

Pennsylvania

Rhode Island

South Carolina

South Dakota

Tennessee

Texas

Utah

Vermont

Virginia

Washington

West Virginia

Wisconsin

Wyoming

See also

References