Data Privacy Laws and Your Rights: How to Protect Your Personal Data

Imagine this: you get an email from a company saying your personal data — name, email, Social Security number — was exposed in a breach. Millions of records, leaked. What can you actually do? What rights do you have?

This guide breaks down U.S. data privacy laws in plain language and walks you through how to protect yourself and file complaints.

1. U.S. Privacy Laws Explained in Plain Language

Unlike the EU's single GDPR framework, the United States has a patchwork of federal and state privacy laws:

Federal Laws

• FTC Act — The Federal Trade Commission enforces against unfair or deceptive data practices, even without a dedicated federal privacy law
• HIPAA — Protects health information held by healthcare providers and insurers
• COPPA — Protects children's online privacy (under 13)
• GLBA — Governs financial institutions' handling of personal data

State Laws (the real game-changers)

State	Law	Key Feature
California	CCPA / CPRA	Most comprehensive — right to know, delete, opt out of sale
Virginia	VCDPA	Consumer rights similar to CCPA
Colorado	CPA	Universal opt-out mechanism
Connecticut	CTDPA	Consent for sensitive data
Texas	TDPSA	Broad applicability, no revenue threshold
Oregon	OCPA	Covers nonprofits

California's CCPA (California Consumer Privacy Act) — enhanced by CPRA — is the gold standard. If a company does business in California or handles data of California residents, CCPA applies.

2. What Rights Do You Have?

Under CCPA and similar state laws, you typically have these rights:

Right	What It Means
Right to Know	Find out what personal data a company collects about you and why
Right to Delete	Request deletion of your personal data
Right to Correct	Fix inaccurate personal information
Right to Portability	Get your data in a usable, portable format
Right to Opt Out	Stop the sale or sharing of your personal data
Right to Non-Discrimination	Companies cannot punish you for exercising your rights
Right to Limit Sensitive Data Use	Restrict how sensitive data (SSN, health, geolocation) is used

Even if your state doesn't have a comprehensive privacy law yet, the FTC can act against companies that violate their own privacy policies or handle data deceptively.

3. What Companies Must Do

Privacy laws impose clear obligations on businesses:

• Get consent before collecting — Especially for sensitive data; no pre-checked boxes
• Notify you of breaches — Most states require breach notification within 30–72 days
• Minimize data collection — Only collect data necessary for the stated purpose
• Honor opt-out requests — Must provide a clear "Do Not Sell My Personal Information" link
• Secure your data — Implement reasonable security measures
• Maintain a privacy policy — Clearly explain data practices, updated annually

4. How to File a Complaint — Step by Step

Step 1: Document Everything

• Screenshot suspicious messages, emails, or unauthorized data usage
• Note dates, times, and what information was exposed
• Save any breach notification letters

Step 2: Contact the Company Directly

• Look for their privacy policy page — it usually lists a contact for data requests
• Submit a formal request citing your rights (e.g., CCPA right to delete)
• Companies generally have 30–45 days to respond

Step 3: File with Authorities

• FTC — File a complaint at ReportFraud.ftc.gov
• State Attorney General — Most states have online complaint forms for privacy violations
• California Privacy Protection Agency (CPPA) — If CCPA applies, file at cppa.ca.gov
• Identity theft — Report at IdentityTheft.gov

Step 4: Protect Yourself Immediately

• Change passwords on affected accounts
• Enable two-factor authentication (2FA)
• Freeze your credit with Equifax, Experian, and TransUnion
• Monitor bank statements for unauthorized charges

5. Practical Privacy Tips for Everyday Life

On iMessage and Messenger

• Review privacy settings regularly — limit who can find you by phone number or email
• Don't share SSNs, financial details, or passwords in regular messages
• Be cautious of links in group chats, even from people you know

When Signing Up for Services

• Read the privacy policy highlights — check if they sell data to third parties
• Use a separate email for non-essential signups
• Uncheck marketing consent boxes
• Use "Sign in with Apple" to hide your real email when possible

Devices and Apps

• Audit app permissions regularly (contacts, location, microphone, camera)
• Keep software and OS updated
• Use unique, strong passwords — a password manager helps
• Use a VPN on public Wi-Fi

Good Habits

• Google your name and phone number periodically to check for exposed data
• Delete accounts you no longer use
• Use Have I Been Pwned to check if your email was in a breach
• Opt out of data broker sites (DeleteMe, OptOutPrescreen.com)

6. Store and Share Legal References Securely with LOCK.PUB

When you're documenting a privacy complaint, storing breach evidence, or sharing legal references with your attorney, you need a secure way to do it.

LOCK.PUB lets you create password-protected memos — only someone with the password can read the content. You can:

• Store copies of privacy law references and your complaint correspondence
• Share breach evidence securely with your lawyer
• Set an expiration time so the memo self-destructs after it's served its purpose

No signup required, nothing stored on your device — everything is encrypted and accessible through a single link.

Take Control of Your Data

Data privacy isn't an abstract concept — it's your legal right. Whether you're protected by CCPA, a state privacy law, or federal regulations, you have tools to control how your personal data is used.

Don't wait until a breach happens. Be proactive about your privacy, and when you need to share sensitive legal information securely, use LOCK.PUB to keep it protected.