Skip to the main content.
New! Continuous MVR monitoring
Driving record monitoring

Ongoing monitoring of driving records can help employers avoid risk and improve driver safety. Learn about the benefits of adding Verified Credentials' newest solution to your screening strategy.

Read the blog ›

Featured resource

Industry-Trends-Report-01

Learn the latest trends in employment background checks. This report uses real-life usage data to uncover how employers are screening across industries.

Download the full report ›

Verified Credentials is a leading background screening company. Since 1984, we’ve helped validate and secure relationships through the use of our comprehensive screening solutions. We offer a wide variety of background checks, verifications, and innovative screening tools.

Get to know us ›

Accredited background screening solutions

Logo-PBSA-Accreditation-120x98

Our accreditation confirms that our policies, processes, and employee training meet rigorous industry compliance standards.

Learn about our solutions ›

3 min read

Two More States Enact Data Privacy Laws: What Employers Need to Know

Consumer and data privacy laws have been popping up everywhere lately. Soon, nearly half the nation will have active consumer privacy data laws. It may seem overwhelming, but we are here to help you get up to speed.

Recently, we covered multiple other states that enacted data privacy laws, such as Iowa, Indiana, Florida, Montana, and Texas. Two states have signed off on new consumer privacy laws to add to the growing list of consumer and data protections nationwide. Below is a quick overview of some highlights of Rhode Island and Minnesota's new consumer data privacy laws.

 

Minnesota's new data privacy law

On May 24, Governor Tim Walz signed the Minnesota Consumer Data Privacy Act (MNCDPA), officially making Minnesota the 19th state to enact a consumer data privacy law.

Who does Minnesota’s data privacy law apply to?

Minnesota’s data privacy law applies to organizations that conduct business in the state or produce products or services that target Minnesota consumers (including candidates). The business must also meet one of the following thresholds during the preceding calendar year:

  • Control or process the personal data of 100,000 Minnesota consumers or more or
  • Derive more than 25 percent of gross revenue from the sale of personal data and process or control the personal data of at least 25,000 Minnesota consumers.

What does the law include?

The MNCPDA will require businesses and organizations handling personal data to provide privacy rights to Minnesotans. Eligible companies must also address the consumer’s right to:

  • Confirm whether a controller is processing the consumer's data and the right to access the data
  • Correct inaccurate personal data
  • Require deletion of personal data (subject to exceptions)
  • Data portability
  • Obtain a list of third parties to which the controller disclosed the consumer's data
  • Opt out of targeted advertising, the sale of personal data, and the use of personal data for profiling by automated means that produce legal or significant effects. Controllers must also adhere to opt-out requests submitted by universal opt-out mechanisms (UOOMs).

The MNCPDA also addresses automated profiling that produces legal or similarly significant effects. However, the MNCPDA does not have a private right of action, meaning individuals cannot file suit if there is a violation. Instead, the state Attorney General's Office will enforce the new law exclusively, with civil penalties of up to $7,500 per violation after a temporary cure period expiring on January 31, 2026.

The Minnesota Consumer Data Privacy Act will go into effect on July 31, 2025. To read the full text of Minnesota’s Consumer Data Privacy law, take a closer look here.

 

Rhode Island's upcoming data privacy law

”The Rhode Island Data Transparency and Privacy Protection Act” was signed into law on June 29, 2024. The act's model is similar to the Washington Privacy Protection Act, but it has some distinct differences.

How is Rhode Island’s privacy law different?

  • The act includes a unique privacy notice requirement mandating entities to disclose the third parties they sell or “may sell” personally identifiable information to.
  • The act does not include some provisions that have become commonplace in recently passed laws, such as data minimization language and an obligation to recognize universal opt-out mechanisms.

Enforcing the new rules

The state Attorney General will enforce the act without a private right of action. It is the first state consumer data privacy law without a cure right. Violations of the act are enforceable under the state’s deceptive trade practice act. Entities that “intentionally disclose personal data” to a shell company or entity created to circumvent the act or in violation of any provision of the act shall pay a fine of between $100 and $500 for each such disclosure.

Rhode Island's privacy act will go into effect on January 1, 2026. Read the full text here to see the details of Rhode Island’s upcoming privacy law changes.

 

The future of privacy and data protection laws across the US

Adding two new privacy and data protection laws is a growing response to the need for better privacy regulations in a world where personal data is closer to our fingertips than ever before, not just in IT but for all areas across an organization.

Data and privacy laws not only apply to customers but can directly impact how organizations handle candidate data in the screening and onboarding process. Employers operating in or hiring remotely in states with data privacy laws may want to consult their legal counsel to see how new and existing data privacy laws affect business and hiring practices. Verified Credentials will do its best to provide the latest updates on upcoming data privacy laws as they become available.

Employment Fairness Act for Returning Citizens in Prince George’s County, MD

The Prince George's Employment Fairness Act for Returning Citizens is a new law in Prince George's County, Maryland, designed to provide fair...

Read More

Colorado’s Clean Slate Act Goes into Effect

As of July 1, 2024, Colorado’s Clean Slate Act, or Senate Bill 22-099, is officially in effect.This comes in the wake of several other states that...

Read More

Texas Attorney General Forms Privacy Task Force

The Texas Attorney General’s office has recently announcedthe formation of a dedicated task force within its Consumer Protection Division. This task...

Read More

Illinois Law Banning Reporting of Medical Debt Under Review

On May 16, 2024, the Illinois legislature approved Senate Bill 2933. The bill is an amendment to the Illinois Consumer Fraud and Deceptive Business...

Read More

Massachusetts Ban on Credit Checks for Employment Purposes in Motion

Restrictions on access to records used for employment purposes that could unfairly sway hiring decisions remain a priority as local governments try...

Read More

Colorado’s Clean Slate Act Goes into Effect

As of July 1, 2024, Colorado’s Clean Slate Act, or Senate Bill 22-099, is officially in effect.This comes in the wake of several other states that...

Read More