Privacy Laws & Data Protection

Understanding federal, state, and international privacy laws that protect your personal data

GDPR - General Data Protection Regulation

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive privacy law enacted by the European Union in 2018. While it's an EU regulation, it applies to any organization worldwide that processes personal data of EU residents.

Your GDPR Rights:

Right to Access

Request a copy of all personal data held about you

Right to Rectification

Correct inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data ("right to be forgotten")

Right to Data Portability

Receive your data in a machine-readable format

Right to Restriction

Limit how your data is processed

CCPA - California Consumer Privacy Act

What is CCPA?

The California Consumer Privacy Act (CCPA), effective January 2020, is one of the most comprehensive privacy laws in the United States. It gives California residents control over their personal information and applies to businesses operating in California.

Your CCPA Rights:

  • Know what personal information is collected about you
  • Know if your personal information is sold or disclosed
  • Access your personal information
  • Request deletion of your personal information
  • Opt out of the sale of your personal information
  • Non-discrimination for exercising your privacy rights

U.S. State Privacy Laws

Comprehensive State Privacy Framework

Beyond California's CCPA, over 20 U.S. states have enacted comprehensive privacy laws. ProperPost complies with all applicable state requirements including:

States with Comprehensive Privacy Laws:

  • ✓ California (CCPA/CPRA)
  • ✓ Virginia (VCDPA)
  • ✓ Colorado (CPA)
  • ✓ Connecticut (CTDPA)
  • ✓ Utah (UCPA)
  • ✓ Montana (MCDPA)
  • ✓ Oregon (OCPA)
  • ✓ Texas (TDPSA)
  • ✓ Delaware (DPDPA)
  • ✓ Iowa (ICDPA)
  • ✓ Indiana (ICDPA)
  • ✓ Tennessee (TIPA)
  • ✓ Florida (FDBR)
  • ✓ New Jersey (proposed)
  • ✓ Maryland (proposed)
  • ✓ Massachusetts (proposed)
  • ✓ Minnesota (proposed)
  • ✓ Nebraska (proposed)
  • ✓ New Hampshire (proposed)
  • ✓ And more...

Common Rights Across State Laws: Right to know, right to delete, right to correct, right to opt-out of data sales/targeted advertising, right to data portability

Federal Regulations

TSR - Telemarketing Sales Rule

The Telemarketing Sales Rule (TSR), enforced by the FTC, requires businesses to maintain Do Not Call records for 5 years to prove compliance.

Key Requirements:

  • 5-year retention of opt-out requests
  • Written procedures for maintaining DNC lists
  • Training records for telemarketing staff

CAN-SPAM Act

The CAN-SPAM Act regulates commercial email and requires maintaining opt-out records indefinitely to honor unsubscribe requests.

Key Requirements:

  • Indefinite retention of email opt-outs
  • Honor unsubscribes within 10 business days
  • Clear and conspicuous opt-out mechanism

Fair Housing Act

For property management, the Fair Housing Act recommends retaining records for 7 years to defend against discrimination claims.

Best Practices:

  • 7-year retention of tenant communications
  • Document all interactions consistently
  • Maintain anti-discrimination compliance

FTC Section 5 & Data Minimization

The FTC enforces against excessive data retention as an unfair practice. Delete data when no longer needed for legitimate business purposes.

Compliance Approach:

  • Balance retention needs with minimization
  • Document business justifications
  • Automated deletion when appropriate

How to Exercise Your Privacy Rights

Submit a Privacy Request

Use our privacy request form to exercise your rights under GDPR or CCPA. We'll process your request within the legally required timeframes.

Opt-Out of Communications

Control marketing communications and promotional messages. This is separate from your broader privacy rights.