So much to do this week, just now getting to this. Last week, Iowa became the sixth state to pass a data privacy law, doing so unanimously!
According to Forbes (Iowa Unanimously Passes Data Privacy Law, written by Alonzo Martinez and available here), Senate File 262 was unanimously passed by the Iowa Senate and House and awaits the Governor’s signature.
Iowa’s data privacy law applies to companies that (1) control or process data of at least 100,000 Iowa consumers, or (2) control or process data of at least 25,000 Iowa consumers and derive 50% of their revenue from the sale of personal data. Of note for employers conducting background checks, Iowa joins California, Colorado, Connecticut, Utah, and Virginia by exempting data regulated by the Fair Credit Reporting Act (FCRA). Exceptions also exist for state and municipal entities, political subdivisions, banks, and financial companies subject to the Gramm-Leach-Bliley Act (GLBA), and healthcare organizations as specified in the statute subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), non-profits, higher education institutions including Family Educational Rights and Privacy Act (FERPA) data, data governed by the Children’s Online Privacy Protection Act of 1998 (COPPA) and certain information related to employment.
The Iowa Privacy Law grants the following rights to consumers, subject to authentication of the consumer request:
- Right to confirm processing and access personal data
- Right to delete personal data provided by the consumer
- Right to obtain a copy of the personal data
- Right to opt-out of sale of personal data to a third party
- Right to opt-out of targeted advertising
Controllers must provide consumers with a privacy notice that identifies the following:
- The categories of personal data processed,
- The purposes for processing,
- How consumers can exercise their data privacy rights,
- The categories of personal data the controller shares with third parties if any, and
- The categories of third parties, if any, with whom the controller shares personal data.
Iowa’s data privacy law is expected to be signed by the Governor and will take effect on January 1, 2025. For more on the new law, check out the article here.
Related Posts
Tomorrow is Data Privacy Day!: Data Privacy Best Practices
Two SCOTUS Cases with Potential Impacts on Recommendation Algorithms: Artificial Intelligence Trends
Second Major Fine for Meta in Less Than Three Months: Data Privacy Trends
How to Protect Sensitive Information from Unauthorized Disclosure: Data Privacy Trends
Four in Ten Consumers Say Personal Data Has Been Compromised or Worse: Data Privacy Trends
So, what do you think? Which state will be next to pass a data privacy law? Please share any comments you might have or if you’d like to know more about a particular topic.
Image Copyright © World Atlas
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
[…] date is far from it – January 1, 2026, which is over two-and-a-half years away! Iowa, which just passed their bill last month, goes into effect one year […]
[…] joins Iowa, Indiana, Tennessee and Montana as states that have enacted or passed a data privacy law since late […]
[…] year – to pass a consumer data privacy law. The other states that have passed bills this year are Iowa, Indiana, Montana, Tennessee, and […]
[…] I said evolving US data privacy laws are evolving much more rapidly in 2023, I wasn’t kidding! Iowa, Indiana, Montana, Tennessee, Texas, Oregon and Delaware have all passed data privacy laws this […]