Wyoming: An Overview of Data Protection & Data Privacy Law

In the era of cybersecurity threats, protecting consumers’ personal and sensitive personal information has become paramount. To enable seamless protection of data and consumers’ privacy rights, comprehensive data privacy laws have been established.

Wyoming, like many other states in the US, recognizes the dire importance of such laws. However, it has yet to establish a state-wide regulation for ensuring personal data privacy and security. The blog aims to give readers a brief look at the state of privacy laws in Wyoming, outlining existing sectoral laws.

Wyoming Consumer Protection Act

The Wyoming Consumer Protection Act (the “Act”) restricts organizations from taking advantage of citizens through various unfair or deceptive practices or misrepresentations. Moreover, the act gives the Attorney General exclusive rights to investigate such matters and file lawsuits, provided that the AG has reasonable cause to believe that an organization breached the act in any manner whatsoever.

In the event of a violation of the terms of a permanent injunction, the enforcing authority may recover a civil penalty of not more than $5,000 from the violator on behalf of the state. Similarly, in the event of a willful violation, the violator will be liable for a civil penalty of not more than $10,000 per violation.

Wyoming Genetic Data Privacy Law

The Wyoming Genetic Data Privacy Law (HB 86) was signed into law in March 2022 and took effect on July 1, 2022. As the name suggests, the law primarily covers entities that collect or test consumers’ genetic data, specifically direct-to-consumer genetic testing companies. The law provides multiple privacy rights to consumers, such as the consumer may request access to their genetic data, the deletion of their account or genetic data, and they may also request entities to provide or destroy biological samples. HB 86 provides exclusive rights to the Attorney General to enforce violations regarding the law. Similarly, the AG may enforce a civil penalty of up to $2,500 each per violation, as well as attorney’s fees and actual damages cost.

Data Breach Notification Guidelines

The Consumer Protection Act provides a detailed guideline for data breach notification requirements under Article 5 of Credit Freeze Reports. The Data Breach Notification Guidelines require that organizations that experience a breach provide breach notifications to the affected parties without undue delay. The guidelines cover businesses operating in the state of Wyoming that experience a breach incident involving more than 10,000 residents or 500,000 individuals for businesses operating outside the state.

Apart from these sectoral laws, various other federal laws may apply to businesses in the state, such as GLBA, HIPAA, FCRA, etc. Hence, businesses must familiarize themselves with such laws to ensure compliance.