Delaware has become the latest state to enact legislation aimed at protecting the personal data of consumers.
House Bill 154 (HB 154), signed into law by Gov. John Carney earlier this month, created the Delaware Personal Data Privacy Act which lays out consumers’ personal data rights.
It gives state residents the right to know what information is being collected, correct any inaccuracies, and request that their data be deleted.
HB 154 applies to entities conducting businesses within Delaware that control or process the personal data of at least 35,000 consumers. It’s also applicable to businesses that control or process the data of at least 10,000 consumers who derive more than 20% of their gross revenue from the sale of that data.
Under the new law, which takes effect in January 2025, a public outreach campaign will begin in July to educate customers on their rights and affected businesses on their obligations.
State Rep. Krista Griffith said the legislation will give residents more control over their personal data.
“Delawareans haven’t had the right to even access who has their information, how much information they have on you individually, and also, if there is something wrong with that information, to correct it,” Griffith told Delaware Public Media. “But most importantly, to even delete the information.”
The legislation also gives state residents the right to:
- Determine whether a business is collecting their personal data and, if so, access it;
- Obtain a copy of the data collected;
- Receive a list of which third-party agencies received access to the data; and
- Opt out of permitting their data to be processed and used for advertising, profits, or profiling.
Once the law goes into effect, businesses will have 45 days to respond to consumer requests.
The BSA Foundation, an international research organization that helps consumers better understand the impact of software on their lives, applauded the passage of the legislation.
“BSA appreciates the enactment of the Delaware Personal Data Privacy Act, which aligns with other state consumer privacy laws and clearly recognizes the distinct roles and obligations of controllers and processors of consumers’ data,” it said in a statement. “The Delaware Personal Data Privacy Act gives Delaware citizens strong privacy protections, creating clarity and confidence in how their data is used and protected.”
It noted that during this year alone, eight states have passed consumer data privacy laws and that all of them adopted the same structural model for protecting data.
A dozen states now have data privacy laws on the books. For collision repair facilities, it highlights the need for end-user license agreements and data collection/use consumer disclosures sooner rather than later, if not already in place.
Aside from Delaware, other states with data privacy laws include California, Virginia, Connecticut, Colorado, Iowa, Utah, Indiana, Tennessee, Oregon, Montana, and Texas.
Right now, California lawmakers are working to take consumer protection further with a pair of bills.
Earlier this month, California became the nation’s first state to pass a bill that will require data brokers to delete someone’s personal information the first time a request is made to do so. Under Senate Bill 362, which is now headed to Gov. Gavin Newsom’s desk for a signature, a website would be created that would help Californians control who has access to their information.
Also headed to Newsom for a signature is a bill that would make it mandatory for automakers to notify drivers when images are gathered by in-vehicle cameras. Senate Bill 296 (SB296), introduced by Sen. Bill Dodd (D-Napa), would also prohibit images captured from being sold to third parties or for advertising purposes.
The federal government has also considered data and PII privacy legislation. Last year, the U.S. House considered the first bipartisan and bicameral bill to protect consumer data collection and privacy across nearly all sectors, including automakers and car dealers.
“After failed efforts over many decades, the ‘American Data Privacy and Protection Act’ (the Act) is the first bipartisan, bicameral national comprehensive privacy and data security proposal with support from leaders on the House Energy and Commerce Committee and the Senate Commerce, Science, and Transportation Committee,” wrote Rep. Frank Pallone (D-N.J.) in a June 10, 2022 memorandum.
The bill didn’t make it out of committee.
Featured image: Delaware’s capitol building is pictured. (aimintang/iStock)