2023 Updates to Data Privacy Laws
US data privacy laws are expected to change considerably in 2023. Changes to these laws will require additional attention from businesses and organizations that collect and use private information. Additionally, these changes will provide individuals with more control over how their personal information is collected, used, and even removed.
Many states are currently drafting, implementing, or updating laws that govern the collection, use, storage, safeguarding, and disposal of personal data. In recent years, data privacy laws have been implemented in California, New York, and Virginia with Colorado, Utah, and Connecticut expected to follow suit in 2023. Legislation is currently being drafted in Michigan, Ohio, Pennsylvania, and New Jersey. More states will be added to this list.
Included in these laws are the following rights:
- Access: The right to request access to inspect your personal information.
- Correction: The right to request that errors in your personal information be corrected.
- Erasure: The right to request that your personal information be deleted.
- Consent: The right to decide whether your personal information may be sold or used to create targeted advertising.
- Appeal: The right to appeal a denial of any of these requests.
Federal laws that govern privacy of information include medical and financial information as well as data belonging to children. Federal law is also applied in education, known as FERPA (Family Educational Rights and Privacy Act). Below are some Federal laws in place:
- Health Insurance Portability and Accountability Act (HIPAA), which protects the security and privacy of Personal Health Information (PHI) and applies to health plans, health insurance companies, and some government programs like Medicaid and Medicare and healthcare clearinghouses that process non-standard health data received from another entity.
- Gramm-Leach-Bliley Act (GLBA), which focuses on financial institutions that provide services or products, including advice on investing, insurance, and loans, and requires them to clearly explain how customer data will be used and shared. All data must be protected.
- Children’s Online Privacy Protection Act (COPPA), which governs the operation of online services and websites that collect information from children under 13 years old.
How to Remain Compliant in 2023
Being informed of past, present, and upcoming data protection laws is vital. These laws mandate the secure destruction of personal information collected by your organization. Consider working with a local, reputable shredding service company who understands and complies with all of these laws.
ShredLink is a full-service shredding and data destruction business serving clients across Southeast Louisiana. Along with our document storage and information management company, FileLink, we can assist your business in both becoming compliant and remaining compliant with current and evolving data privacy laws. To learn more or to request service, please contact one of our knowledgeable professionals at 504-885-0186 or complete the form on this page. We look forward to assisting you!