Does the US have Data Privacy Laws (and how can they affect your business)? 


As business owners, we tend to collect an abundance of personal data from our customers to better help us serve them and/or sell to them.

Under the US Privacy Laws, or lack thereof, it can become a bit of a slippery slope determining how to legally and appropriately gather and use this data to ensure the safety of our clients’ information.

Even though there are no federal privacy laws in the US at the time of this article (only certain states, such as California, Maine and Nevada, have active laws), did you know that there’s a right and wrong way to manage the personal data necessary for your online business?

If you want to know more about US Privacy Laws and how they affect your business, keep reading to discover the best ways to handle your customers’ data for the sake of your customers, your business and the law.


What are the US Privacy Laws?

The short answer is there are no laws.

Ever since the optimization of the internet, it has long been debated whether to create specific guidelines requiring major corporations and social media sites to handle their users’ personal data (such as your name, email address, phone number, location and even your general interests and hobbies) with honesty and transparency.

Yet if you use the internet, you know this often could not be further from the truth! Big Tech companies such as Google, Facebook and Apple are notorious for collecting our data and doing as they please with it.

While sometimes they include a little box for us to check or uncheck to opt in or out of their data harvesting, this is not the standard every time. In most cases, data is outright stolen, manipulated and sold to make a profit.

If there were strong federal US Privacy Laws in place to prevent this kind of behavior, the general public would have the explicit right to give or withhold consent to their information being collected and used, or even to edit or delete that information altogether.

However, only California, Maine and Nevada have taken the extra step to ensure this kind of online safety for their residents.

Under the California Consumer Privacy Act (CCPA), the consumer is allowed to determine how much personal data being shared is too much, and they have the right to access it and delete it.

Maine and Nevada have followed suit with copycat acts of their own to provide security for their residents’ online information.


What does this mean for online businesses?

As online businesses, we collect data in a similar fashion to Big Tech.

Email marketing and eCommerce allow us to gather our customers’ data so we can stay in contact with them and/or sell to them.

As I’ve discussed in previous articles, under the EU’s privacy law, the General Data Protection Regulation (GDPR), there are strict protocols every online business must abide by to guarantee that the privacy of its consumers is protected.

If you work around these laws, there can be steep fines! However, if you’re in the US, you have much more leeway.

But it’s still highly encouraged to act accordingly, in the best interest of your customers. For example, just because there is no specific rule saying you can’t sell their data once you acquire it doesn’t mean you should.

Online businesses should do their best to follow the practices below to give their customers the best experience, especially if they operate within California, Nevada or Maine.

Get explicit consent each time, all the time

Have you ever noticed that when you visit some websites, enjoy their content and decide to sign up for their emails, there might be a little box already prefilled with a checkmark for you to agree to their terms and conditions before you’ve had a chance to read them?

This is called ambiguous consent. The best practice is to always allow your customers to understand and explicitly agree to give their data to you, and not trick them into doing it.


Don’t flood their inboxes with emails

While we want to always stay fresh in our customers’ minds, it’s important not to abuse their data by hounding them with email after email.

This goes for constant email marketing campaigns and, worse, sharing or selling their information to other sites that may cold pitch and spam their inboxes.

It can be a little tricky navigating policies that don’t technically exist when you’re a business in the US. However, it’s essential to be honest about how you collect your users’ data, what you do with it and why.

As the states work on coming up with federal privacy laws, in the meantime, do your best to uphold dignity for both you and your clients!

Need help with your website?

Contact me and let’s work together!


Hi there, I’m Kaisa!

I’m your coach, friend and web designer when you want to get serious about your Passion project and make it into a business with a beautiful online presence.

I’ll help you with tech, design and courage. Contact me and we’ll create some magic for your Passion Business!
