Are You Up to Date on 2023 Data Protection Laws?

Feb 15, 2023

A lineup of wooden blocks on a desk, each with a different lock icon, and the words "Data Protection" floating above.As a business that generates, handles and destroys data on a regular basis, you are required to comply with the laws by protecting that sensitive information. In addition, you also need to keep up with the changes to those laws and the addition of new ones over time.

2023 is no exception when it comes to data privacy law updates. No single federal law governs data privacy in the US, despite many attempts to pass such legislation. Instead, you are forced to navigate an alphabet soup of laws. Here’s a quick review.

  1. The Federal Trade Commission Act (FTC Act) was designed and implemented to prevent unfair or deceptive trade practices. It can impose legal action against organizations that:
    • Neglect to implement and maintain reasonable data security
    • Don’t follow a published privacy policy
    • Improperly transfer personal information they are not permitted to
    • Inaccurately present information in responses to consumers or in privacy policies
    • Fail to provide proper security for personal data
    • Violate the privacy rights of consumers while collecting, processing, or sharing their information
    • Mislead the public with inaccurate advertising practices
  1. The Children’s Online Privacy Protection Act (COPPA) governs the collection of information pertaining to minors.
  2. The Gramm Leach Bliley Act (GLBA) governs personal information collected by banks and financial institutions.
  3. The Health Insurance Portability and Accounting Act (HIPAA) governs the collection of health information.
  4. The Family Educational Rights and Privacy Act (FERPA) protects the privacy of student education records.
  5. The Fair Credit Reporting Act (FCRA) regulates the collection and use of credit information.
  6. The Fair and Accurate Credit Transactions Act (FACTA) is an amendment to FCRA that requires financial institutions and creditors to implement written identity theft prevention.

State Privacy Laws

Some states have implemented their own data protection laws that are expected to eventually become federal law. Many of these state laws are implemented primarily to give consumers more control over their personal information. Some current and upcoming examples of these state laws are:

  • New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD) took effect on March 21, 2020.
  • Virginia’s Consumer Data Protection Act (CDPA) passed on March 2, 2021.
  • The California Privacy Rights Act (CPRA) took effect on January 1, 2023.
  • Colorado Privacy Act (CPA) will take effect on July 1, 2023.
  • Utah Consumer Privacy Act (UCPA) will take effect on December 31, 2023.
  • Connecticut’s Data Privacy Law (CTDPA) will take effect July 1, 2023.
  • Michigan, Ohio, Pennsylvania, New Jersey, and over 20 other states are presently drafting, or considering enacting data protection legislation in 2023.

Staying Current

It’s challenging to run a business, comply with all data protection laws, and stay current with new and changing laws. When it comes to protecting your business, staff and client’s information, working with a local, reputable shredding provider can simplify legal compliance in so many ways. Consider outsourcing to the experts to securely shred the personally identifiable information (PII), medical records and all other sensitive paper and digital information your business is responsible for, in compliance with federal and state laws.

ShredPro Secure provides NAID AAA Certified shredding services in East Tennessee and Southwest Virginia businesses and residents with on-site and drop-off shredding services. For more information or to book shredding service, simply call us at 865-986-5444 or complete the form on this page. Our friendly shredding experts are standing by to help!

Request Your Free Quote

  • This field is for validation purposes and should be left unchanged.

Latest News