Blog Press

Sourcepoint CMP Tackles Future of US Privacy with New Sensitive Data Opt-in Functionality

January 17, 2024
computer screen with sensitive data

NEW YORK—Sourcepoint, a leading data privacy technology company, has launched a sensitive data opt-in feature for its consent management platform (CMP) to help customers prepare for U.S. privacy changes on the horizon. As of March 31, 2024, the Washington “My Health, My Data” Act will require opt-in consent for tracking and collecting personal health data, which is defined very broadly. Several other U.S. states already require opt-in consent for sensitive data collection, but Washington’s new law also provides a private right to action to consumers. This marks a paradigm shift from the traditional opt-out approach that most states have previously required. Sourcepoint’s feature supports a new model for consent in the U.S. that has so far been limited to the EU, allowing more customers to be privacy-forward in their approach to navigating such a complex landscape.

As Washington’s “My Health, My Data” Act ushers in a significant change in U.S. regulatory oversight, it’s more important than ever for companies to assess if they are collecting sensitive information or if any of their third-party partners are. This poses a challenge not just because there is no single comprehensive privacy law in the U.S., but because the definitions of sensitive data vary greatly across federal, state and sectoral laws. Several comprehensive state privacy laws include sensitive inferences in their definitions, meaning that data that reveals certain sensitive categories could still trigger the law – like a consumer’s browsing history of health-related articles on a media website or shopping history of health-related purchases on an e-commerce platform. Some states also require express consent before sensitive data is processed.

With the new feature functionality, Sourcepoint’s CMP solution can now be used in a broader, multi-regulation context. Large enterprises can now establish an opt-in message on Sourcepoint’s CMP that notifies users of data collection, asks for consent and passes the signal downstream. Sourcepoint’s highly customizable platform allows companies to tailor messaging to the look and feel of their brand for a seamless experience that encourages more engagement with end users.

“Washington’s health-specific data law represents a big shift in U.S. privacy and consent management,” said Julie Rubash, Chief Privacy Officer and General Counsel at Sourcepoint. “When new U.S. privacy regulations are first implemented, the industry tends to ‘wait and see’ until lawsuits are filed before taking action – but fines and other penalties can come at a high cost and damage a company’s reputation. To stay ahead of the curve and mitigate risk, Sourcepoint’s new CMP feature will allow brands to prepare for a possible domino effect of multistate legislation.”

“We believe 2024 will be the year of sensitive data,” said Gabe Morazán, Product Director at Sourcepoint. “As other states are likely to follow Washington’s lead to pass opt-in laws, now is the time for companies to ensure their enterprise privacy strategy is evolving with the changing landscape in the U.S. and globally. Sourcepoint’s sensitive data opt-in feature allows enterprises to better facilitate a dialogue with their customers to encourage consent decisions and transparency in data sharing.”

About Sourcepoint

Sourcepoint is the leading data privacy software company trusted by the world’s most influential enterprises. Supporting over 30 billion consumer touchpoints per month, Sourcepoint offers enterprise-grade privacy automation for complex, dynamic compliance challenges. Sourcepoint has offices in New York, Berlin, and London. Learn more at

Media Contact:
Kelsey Bates

Latest Blog Posts

You Are Who You Work With: Cookie Consent and Data Privacy

June 11, 2024

Who you work with for consent management and data...

Texas AG Prepares for “Aggressive Enforcement” of Privacy Laws

June 10, 2024

Texas Attorney General announced a data privacy and security...

What are the privacy laws in Canada?

June 6, 2024

Everything you need to know about PIPEDA and Quebec’s...

Latest White Papers

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Ebook: A Publisher’s Guide to Vendor List Curation

December 16, 2021

How to review your vendor list to mitigate compliance...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]