U.S. State Privacy Laws

U.S. State Privacy Laws

To date, 47 U.S. states have enacted data privacy laws, often modeled after California’s SB 1386. Most of these laws are designed to protect misuse or disclosure of personally identifiable information. Details on all U.S. state breach notification laws can be found on the National Conference of State Legislatures website.

Data Fields Requiring Protection:

  • Most state privacy laws have similar language requiring protection of:
  • Names
  • Social security numbers
  • Driver’s license numbers
  • Account numbers
  • Credit or debit card numbers
  • Access codes or passwords that provide access to an individual’s financial account, medical or health insurance information

Breach Notification Requirements and Exemptions

Most state privacy laws specifically exempt encrypted data if it has been “transformed into a form in which the data is rendered unreadable or unusable without use of a confidential process or key.”

Hosting info image

CipherCloud Helps U.S. State Privacy Compliance with:

 

  • Strong encryption and tokenization for cloud data, meeting GDPR standards for data protection
  • Encryption keys controlled exclusively by customers, meeting “pseudonymization” requirements
  • Exemption from breach notification requirements by effectively anonymizing data
  • Technology specifically called for to meet Privacy by Design and Default principals
  • Dramatic reduction in audit scope by removing data exposure to cloud providers

 

See How CipherCloud Can Help Secure Your Data In The Cloud