Blog
Introducing our guide to sensitive data and U.S. privacy laws
July 25, 2024

We’re excited to announce the release of our “Guide to Navigating the Maze: Sensitive Data & U.S. Privacy Laws.” This resource delves deep into the evolving landscape of regulations that impact the processing of sensitive data.
The inference revolution in sensitive data
One of the most significant developments in privacy law is the growing recognition that sensitive information can be derived from seemingly innocuous data. Our guide explores how different states are tackling this challenge, for example, Washington and Nevada.
Washington’s groundbreaking approach
Washington state’s “My Health, My Data” Act represents a paradigm shift in how we define sensitive data:
- Broad definition: The law extends protection to health-related inferences derived from non-health data.
- Indirect collection: It covers health data that could be used to make inferences about a consumer’s past, present, or future health status.
- Real-world impact: We provide examples of how everyday purchase data could be used to infer health conditions, triggering the law’s protections.
Colorado’s comprehensive view
The Colorado Privacy Act (CPA) takes a nuanced approach to inferences:
- Explicit inclusion: The CPA specifically mentions inferences in its definition of personal data.
- Consent requirements: We detail how Colorado requires opt-in consent for processing sensitive data inferences.
- Contextual considerations: The guide explains how Colorado’s law considers the context in which inferences are made, potentially classifying more data as sensitive based on its use.
A framework for managing sensitive data risk
Central to our guide is a practical framework for managing the risks associated with processing sensitive data:
- Data mapping: Techniques for identifying data that could lead to sensitive inferences.
- Inference analysis: Methods for assessing when data processing might create sensitive inferences.
- Consent strategies: Approaches to obtaining consent for potential inferences, not just raw data.
- Technical safeguards: Tools and techniques to prevent unintended sensitive inferences.
- Policy development: Guidelines for creating internal policies that address inference risks.
Comparative analysis of approaches
Our guide provides a comparison of how the FTC, Washington, Colorado, and Nevada approach sensitive data inferences:
- Scope of protection: We discuss which types of inferences each regulatory body considers sensitive.
- Consent mechanisms: The guide provides a comparison chart that compares the specific consent requirements for processing inferred sensitive data in each state.
- Enforcement approaches: We detail how what state regulatory enforcement and FTC enforcement have looked like so far.
This comparative analysis helps organizations operating across multiple states develop cohesive compliance strategies.
By providing this overview of sensitive data privacy in the U.S., our guide equips privacy professionals, legal teams, and business leaders with the knowledge needed to navigate this complex and rapidly evolving landscape. Whether you’re grappling with health data inferences in Washington or new FTC warnings about sensitive data inferred in behavioral advertising, this resource offers the specific insights you need to ensure compliance and protect your customers’ most sensitive information.
Download our “Guide to Navigating the Maze: Sensitive Data & U.S. Privacy Laws” now to access this primer and our practical framework for managing sensitive data risk in the changing regulatory landscape.
Latest Blog Posts
New York Passes Health Information Privacy Act; ICO To Review UK’s Top Websites for Cookie Compliance
January 27, 2025The New York legislature passed new health privacy legislation...
Unauthorized Sharing of Location and Driving Data Draws Scrutiny from Texas AG, Illinois Class, and FTC
January 22, 2025Allstate is facing lawsuits from the Texas Attorney General...
New Jersey AG’s Office Provides FAQs Ahead of New Privacy Law; Danish DPA Focus on Shopping Apps
January 13, 2025New Jersey AG's office issued a set of 24...
Latest White Papers
Connecting Legal & Marketing Teams on Consent and Preferences
February 4, 2025Break down data silos and unlock better collaboration. Marketing...
Navigating Sensitive Data in the U.S.
February 4, 2025Download our comprehensive guide to learn how different states...
Enterprise Guide To Cookie management & Tracker List Curation
July 1, 2024How to review the tracking tech on your websites...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.