US Rights Guide

Your Data Privacy Rights in the US

There is no single US federal privacy law, but CCPA (California), state laws, and sector rules give you rights to access, delete, and opt out of data sales. Here is how.

FreeUS Law3 related guides

Direct Answer

The US has no single comprehensive federal privacy law, but a patchwork of protections: California's CCPA gives California residents broad rights to know, delete, and opt out of data sales. Most states now have their own privacy laws. Sector-specific laws (HIPAA for health, FERPA for education, COPPA for children) give additional rights. File complaints with your state's attorney general or the FTC.

What the Law Says

Your Legal Foundation

California Consumer Privacy Act (CCPA / CPRA)

Cal. Civ. Code § 1798.100

“A consumer shall have the right to request that a business disclose the categories and specific pieces of personal information collected; the right to delete; and the right to opt-out of the sale of personal information.”

Health Insurance Portability and Accountability Act (HIPAA)

45 CFR § 164.524

“Covered entities must provide individuals with access to their protected health information upon request within 30 days.”

Children's Online Privacy Protection Act (COPPA)

15 U.S.C. § 6502

“Operators of websites directed at children under 13 must obtain verifiable parental consent before collecting personal information.”

What to Do

Step-by-Step Guide

1Know which laws apply to you. California residents have the strongest rights under CCPA/CPRA. Over 15 other states now have comprehensive privacy laws (Texas, Virginia, Colorado, Florida, etc.). Check your state's attorney general website.
2Submit a Data Subject Request (DSR) to the company — ask to know what data they have, request deletion, or opt out of sale. Companies must respond within 45 days under most state laws.
3For health data, contact the covered entity (hospital, insurer) and request your records under HIPAA. They must respond within 30 days. File complaints with HHS Office for Civil Rights at hhs.gov/ocr.
4For other violations, file with your state AG. California residents can also file with the California Privacy Protection Agency (CPPA).

What to Say

Exact Words to Use

“"Under [California's CCPA / your state privacy law], I am submitting a request to know what personal information you hold about me, to delete all personal information, and to opt out of any sale of my personal information. Please respond within 45 days."”

Tone: Written — to any company covered by your state's privacy law

Common Questions

Frequently Asked Questions

Does the US have a federal privacy law like Europe's GDPR?

Not yet. There have been many proposals for a federal American Data Privacy and Protection Act (ADPPA) but none have been enacted as of 2026. The US relies on a patchwork of state laws and sector-specific rules.

My medical records were shared without my consent — what do I do?

File a HIPAA complaint with the HHS Office for Civil Rights at hhs.gov/ocr within 180 days. HIPAA prohibits covered entities (hospitals, insurers, doctors) from sharing your protected health information without consent except in specific circumstances. Violations can result in significant fines.

I received a data breach notification — what should I do?

Most states require companies to notify you of breaches involving your personal data. Monitor your credit (you can get free reports at annualcreditreport.com), place a credit freeze at all three bureaus (Equifax, Experian, TransUnion), and consider filing a complaint with your state AG.

Can I stop companies from selling my data?

If you are in California, yes — CCPA gives you the right to opt out of the sale of your personal information. Other states with privacy laws also provide opt-out rights. Look for "Do Not Sell My Personal Information" links on websites.

Get Help Now

Resources & Helplines

FTC Privacy Resources
consumer.ftc.gov/privacy
Privacy rights guides and complaint filing.
HHS Office for Civil Rights (HIPAA)
hhs.gov/ocr / 1-800-368-1019
HIPAA complaints about health data misuse.
California Privacy Protection Agency (CCPA)
cppa.ca.gov
California residents: privacy rights and complaints.
Your State AG Privacy Division
Search "[your state] attorney general privacy"
State-level data privacy complaints and enforcement.

Continue Learning

Practice Your Rights Out Loud

The Advocate gives you exact rebuttals, law references, and Scripture for real-life scenarios. Free to try.

Open The Advocate — Free

No credit card needed · Know Your Rights. Know Your Word.