LOS ANGELES – In the absence of a federal privacy law, U.S. states are in different stages of drafting or approving regulations to give consumers more control over how their data are used. Marketers that collect consumer data need to ensure they’re complying with those regulations to avoid potential fines or other penalties.

California last year passed the California Privacy Rights Act (CPRA) to modify the California Consumer Privacy Act (CCPA),

“Data deletion and access request rights for users as well as opt-out rights are still there,” Yashina Burns, director of data privacy and legal affairs at healthcare advertising technology company DeepIntent. “It builds on the fundamentals of CCPA and expands these consumer rights, and adds business obligations that were not previously there.”

The CPRA also resembles the European Union’s General Data Protection Regulation (GDPR) that went into effect three years ago.

“There’s data minimization as well as the right for users to correct their information if it’s inaccurate,” Burns said. “In terms of data minimization, that’s going towards retaining data only for as long as you actually need it.”

Marketers that haven’t already changed their practices to comply with GDPR must evaluate their data gathering to comply with state laws that apply to consumers within their jurisdiction.

“They’ll have to look at their sensitive personal information, and separate that out from their non-sensitive personal information,” Burns said. “That way, when there’s a sensitive personal information data use limitation request, they’re able to actually stop the use of sensitive information.”

Virginia Is For Data Privacy

The information can include data for cross-contextual or behavioral advertising as consumers opt out of being tracked online. Outside of California, Virginia recently passed a data privacy law, while other states including Washington and New York are weighing similar measures.

“Because of all the differences and little nuances between all the state laws, people are hoping for a federal law that’s not too restrictive,” Burns said.

Her company continuously updates services to comply with regulations and protect consumer privacy.

“In our direct-to-consumer side, we are able to do targeting without the use of personally identifiable information and without the use, explicitly, of healthcare data,” she said. “We’re able to use de-identified versions of data.”

She recommends that marketers comply with existing laws like CCPA and GDPR where applicable, especially since they influence how legislators in other regions develop their own rules.

“There is going to be some overlap,” Burns said. “A lot of the legislators are looking at pre-existing laws … as at least a starting point for their laws.”

You are watching “Embracing the Future of Healthcare Marketing,” a Beet.TV leadership series presented by DeepIntent. For more videos, please visit this page.