Wyoming does not yet have a single, comprehensive consumer privacy law. The state relies on sector and topic-specific rules.
Even without an omnibus law, strong privacy operations matter as they help organizations comply with existing rules while preparing for future ones. This guide provides an overview of current laws in Wyoming and outlines important considerations for businesses operating in the state.
The Current State of the Data Protection Laws in Wyoming
Wyoming Consumer Protection Act: This statute defines key terms, duties, and breach notification requirements for entities conducting business in the state.
Genetic Data Privacy Act: This law lays down the requirements for clear notices and consent, with enforcement by the Attorney General.
Applicable Federal Laws
Depending on the industry and nature of the data, federal frameworks continue to set the floor:
- Health Insurance Portability and Accountability Act (HIPAA) for protected health information handled by covered entities and business associates.
- Children’s Online Privacy Protection Act (COPPA) for online data about children under 13.
- Gramm-Leach-Bliley Act (GLBA) for financial institutions’ customer data.
- Fair Credit Reporting Act (FCRA) for data collected or used for consumer credit scoring.
Best Practices for Businesses
Businesses operating in Wyoming are encouraged to ensure safe data protection and privacy practices. The following recommendations may be considered when aligning with state, federal, and industry requirements:
- Create an inventory of all data assets and data locations. Identify what is collected, where it resides, who accesses it, and what rules apply, including cross-border restrictions.
- Enable data mapping automation to understand data flow across systems. Track lineage and quality through the data lifecycle.
- Implement technical, physical, and administrative security measures that align with the organization’s risk profile and with breach notification duties in Wyoming.
- Provide users with clear choices on the collection, processing, sharing, and sale of data where required. Use prominent notices and honor opt-out or consent rules under federal or sectoral laws.
- Train employees who access sensitive data. Reinforce secure handling and cybersecurity hygiene.
Conclusion
Although Wyoming’s privacy and data protection framework is currently sectoral, organizations can efficiently navigate the complex privacy legal landscape by adhering to best practices and investing resources in understanding applicable laws.
Breach notification, genetic privacy, and public sector data policies lead the way. It is thus integral to build a privacy program that maps data, secures it, and respects user choices. Track state and federal activity to stay ready for what comes next.
