6 States With Privacy Laws That Get Failing Grades

If you are not concerned about consumer privacy, you should be.

Just about everyone has fallen prey at some time to having their personal information stolen. In addition, many people are simply uncomfortable with businesses knowing too much about them and their shopping habits.

Individual states are aware of the problem. Since 2018, 44 states have at least considered passing legislation designed to protect the privacy and security of their residents, according to the CoPIRG Foundation.

However, just 14 states have followed through — and some of those states have passed weak laws after companies pressured them to water down the provisions, the U.S. PIRG Education Fund says. In a summary of its findings, the U.S. PIRG Education Fund writes:

“Of the 14 laws states have passed so far, all but California’s closely follow a model that was initially drafted by industry giants such as Amazon. From tech to telecomms, there’s a lot of companies making a lot of money in data.”

Here are states with privacy laws so weak that the U.S. PIRG Education Fund and the Electronic Privacy Information Center give them a failing grade.

Texas

This state’s consumer privacy law that was evaluated: Texas Data Privacy and Security Act

When the law goes into effect: July 1, 2024

How the law scored: 16 out of 100 (“F”)

The U.S. PIRG Education Fund and the Electronic Privacy Information Center say the Texas law “leaves a lot to be desired.” Among other things, the groups criticize the law for giving carveouts to the financial, health care and utility industries.

Indiana

This state’s consumer privacy law that was evaluated: Indiana Consumer Data Protection Act

When the law goes into effect: Jan. 1, 2026

How the law scored: 11 out of 100 (“F”)

The U.S. PIRG Education Fund and the Electronic Privacy Information Center criticize this law and the others on this list for allowing companies to continue to collect data on consumers in virtually any way the companies prefer — and using it for any purpose.

Virginia

This state’s consumer privacy law that was evaluated: Consumer Data Protection Act

When the law went into effect: Jan. 1, 2023

How the law scored: 11 out of 100 (“F”)

Virginia was among the first states to pass a privacy law, but the U.S. PIRG Education Fund and the Electronic Privacy Information Center contend that an Amazon lobbyist had a heavy hand in crafting its provisions.

The organizations say the Virginia law became an unfortunate model for several other states on this list.

Utah

This state’s consumer privacy law that was evaluated: Utah Consumer Privacy Act

When the law went into effect: Dec. 31, 2023

How the law scored: 6 out of 100 (“F”)

The U.S. PIRG Education Fund and the Electronic Privacy Information Center criticize the fact that this law — which already has weak protections — applies only to businesses that earn more than $25 million a year.

Tennessee

This state’s consumer privacy law that was evaluated: Tennessee Information Protection Act

When the law goes into effect: July 1, 2025

How the law scored: 6 out of 100 (“F”)

The U.S. PIRG Education Fund and the Electronic Privacy Information Center lament the fact that this law — like the others on this list — requires a consumer to go one-by-one to hundreds or thousands of companies and ask them to delete the consumer’s data.

Iowa

This state’s consumer privacy law that was evaluated: Iowa Data Privacy Act

When the law goes into effect: Jan. 1, 2025

How the law scored: 4 out of 100 (“F”)

Finally, the U.S. PIRG Education Fund and the Electronic Privacy Information Center note that this Iowa law is so weak that it “provides no meaningful privacy protections to consumers.”

The organizations say that criticism can also be leveled at all the other laws on this list.