Data Privacy Rights in North Dakota

Source: Federal: FTC Act § 5 (15 U.S.C. § 45), HIPAA (42 U.S.C. § 1320d), COPPA (15 U.S.C. §§ 6501–6506), FERPA (20 U.S.C. § 1232g), GLBA (15 U.S.C. §§ 6801–6809). State: California Consumer Privacy Act/CPRA (Cal. Civ. Code § 1798.100 et seq.), Colorado Privacy Act (C.R.S. § 6-1-1301 et seq.), Connecticut Data Privacy Act (Conn. Gen. Stat. § 42-515 et seq.), Virginia Consumer Data Protection Act (Va. Code § 59.1-575 et seq.), Texas Data Privacy and Security Act (Tex. Bus. & Com. Code Ch. 541).

Last reviewed:

Written in plain language for general understanding. This is educational content, not legal advice. Content is researched from federal statutes, state codes, and official government sources. Each article is reviewed for accuracy before publication. Our editorial process

Federal Law

What is this right?

The United States does not have a single comprehensive federal data privacy law like the EU's GDPR. Instead, privacy is protected through a patchwork of federal sector-specific laws and an expanding number of state privacy laws. Several states — led by California — have passed comprehensive consumer privacy laws giving you the right to know what data companies collect about you, to delete it, and to opt out of its sale.

At the federal level, key privacy laws include HIPAA (health data), FERPA (education records), COPPA (children under 13), GLBA (financial data), and the FTC Act (unfair or deceptive practices). For general consumer data — your browsing history, purchase history, location data, and online behavior — state laws provide the most protection.

When does it apply?

Your data privacy rights apply when:

  • A company collects, stores, or sells your personal data — including name, email, phone, location, browsing history, and purchase history
  • You want to know what data a company has about you
  • You want a company to delete your personal data
  • You want to opt out of the sale or sharing of your personal data
  • A company experiences a data breach that exposes your information

State privacy laws (as of 2026):

  • California (CCPA/CPRA): The strongest state privacy law. Right to know, delete, opt out of sale/sharing, correct inaccurate data, and limit use of sensitive data. Applies to businesses with $25M+ revenue, data on 100,000+ consumers, or 50%+ revenue from data sales. Enforced by the California Privacy Protection Agency.
  • Colorado, Connecticut, Virginia, Texas, Oregon, Montana, and 10+ other states have passed comprehensive privacy laws with varying effective dates through 2026. Most include rights to access, delete, correct, and opt out.
  • States without privacy laws: If your state doesn't have a comprehensive privacy law, your primary protection is the FTC's authority to pursue "unfair or deceptive" data practices.

Common misconceptions:

  • "I have no privacy rights because there's no federal privacy law" — While there's no comprehensive federal law, sector-specific federal laws and state laws provide significant protections depending on the type of data and where you live.
  • "If a service is free, they can do anything with my data" — No. Companies must disclose their data practices in a privacy policy, and state laws may give you opt-out rights regardless of whether you paid for the service.
  • "Deleting my account deletes my data" — Not necessarily. Companies may retain data for legal or business reasons. Under state privacy laws, you can submit a specific deletion request that the company must honor.

What should you do?

Step 1: Check whether your state has a comprehensive privacy law. If you are in California, Colorado, Connecticut, Virginia, Texas, or one of the other states with privacy laws, you have specific rights you can exercise.

Step 2: Submit a data access request to any company you want to know about. Most companies have a "Privacy" or "Do Not Sell My Information" link in their website footer. California residents can use the phrase "right to know" in their request.

Step 3: Opt out of data sales. Under California law and similar state laws, companies must provide a clear mechanism to opt out. Look for "Do Not Sell or Share My Personal Information" links.

Step 4: If your data was exposed in a breach, check whether your state requires the company to notify you and offer credit monitoring. Most states have breach notification laws.

Step 5: File complaints with your state attorney general (most state privacy laws are enforced by the AG) or with the FTC at reportfraud.ftc.gov. California residents can also file with the California Privacy Protection Agency.

What should you NOT do?

Don't ignore data breach notifications. If a company tells you your data was compromised, take it seriously. Change passwords, enable two-factor authentication, and monitor your credit.

Don't accept cookies without thinking. Many websites use cookie banners that default to accepting all tracking. Choose "Reject All" or customize your settings to limit data collection.

Don't assume privacy policies protect you. Most privacy policies are written to maximize what the company can do with your data, not to protect you. Read the sections on data sharing, third parties, and your rights.

Don't pay for data removal services without researching them. Some data removal services charge fees for actions you can take yourself for free under state law. Submit your own requests first.

North Dakota Law
ND

How North Dakota differs from federal law

North Dakota has limited state-level data privacy laws, relying primarily on federal protections:

  • Data breach notification (NDCC § 51-30): Businesses must notify North Dakota residents when a security breach compromises their personal information. Notification must be made in the most expedient time possible and without unreasonable delay.
  • No comprehensive consumer privacy law: Unlike states such as California, Colorado, or Virginia, North Dakota has not enacted a comprehensive consumer data privacy law. There is no general right to request deletion of personal data from businesses or to opt out of data sales.
  • Student data privacy (NDCC § 15.1-07-25.1): Restricts the use and disclosure of student data by educational technology companies and requires data security practices for student information.
  • Insurance data security (NDCC § 26.1-02.2): Requires insurance companies operating in North Dakota to implement information security programs and notify the Insurance Commissioner of data breaches.
  • Federal protections apply: Federal laws including HIPAA (health data), GLBA (financial data), COPPA (children's data), and FERPA (education records) provide baseline protections for North Dakota residents.

Additional Steps in North Dakota

Report data breaches to the North Dakota Attorney General at (701) 328-3404 or attorneygeneral.nd.gov. File identity theft reports with the FTC at identitytheft.gov. Monitor your credit reports at annualcreditreport.com.

Relevant Law: NDCC § 51-30 (data breach notification). NDCC § 15.1-07-25.1 (student data privacy). NDCC § 26.1-02.2 (insurance data security).

Common Questions

When does data privacy rights apply?

Your data privacy rights apply when:A company collects, stores, or sells your personal data — including name, email, phone, location, browsing history, and purchase historyYou want to know what data a company has about youYou want a company to delete your personal dataYou want to opt out of the sale or sharing of your personal dataA company experiences a data breach that exposes your informationState privacy laws (as of 2026):California (CCPA/CPRA): The strongest state privacy law. Right to know, delete, opt out of sale/sharing, correct inaccurate data, and limit use of sensitive data. Applies...

What should I do about data privacy rights?

Step 1: Check whether your state has a comprehensive privacy law. If you are in California, Colorado, Connecticut, Virginia, Texas, or one of the other states with privacy laws, you have specific rights you can exercise.Step 2: Submit a data access request to any company you want to know about. Most companies have a "Privacy" or "Do Not Sell My Information" link in their website footer. California residents can use the phrase "right to know" in their request.Step 3: Opt out of data sales. Under California law and similar state laws, companies must provide a clear mechanism to opt out. Look for...

What mistakes should I avoid with data privacy rights?

Don't ignore data breach notifications. If a company tells you your data was compromised, take it seriously. Change passwords, enable two-factor authentication, and monitor your credit.Don't accept cookies without thinking. Many websites use cookie banners that default to accepting all tracking. Choose "Reject All" or customize your settings to limit data collection.Don't assume privacy policies protect you. Most privacy policies are written to maximize what the company can do with your data, not to protect you. Read the sections on data sharing, third parties, and your rights.Don't pay for da...

More in Consumer Rights

Debt Collector RulesThe Fair Debt Collection Practices Act (FDCPA) is a federal law that limits what debt collectors can do when trying to c...Read more →Credit Report RightsThe Fair Credit Reporting Act (FCRA) gives you the right to see what is in your credit report, dispute mistakes, and hav...Read more →Small Claims CourtSmall claims court is a special court where you can sue someone for a relatively small amount of money without hiring a ...Read more →

Related Topics

Workers' RightsWorkplace HarassmentTax RightsPenalty Abatement
← Browse all Consumer Rights

Legal Resources

We may earn a commission if you use these services — at no extra cost to you. This supports our mission to make legal information free for everyone.

LawDepotSend a formal demand letter to a business or creditor. State-specific financial and consumer documents ready in minutes.Create a Demand LetterCredit KarmaFree credit monitoring, dispute tools, and alerts. Know when your credit report changes.Check Your Credit FreeIdentityGuardIdentity theft protection and monitoring. Get notified if your personal information is misused.Protect Your Identity

You came here to know your rights — help someone else know theirs.

Support This Mission