Data Privacy Rights in South Dakota

Source: Federal: FTC Act § 5 (15 U.S.C. § 45), HIPAA (42 U.S.C. § 1320d), COPPA (15 U.S.C. §§ 6501–6506), FERPA (20 U.S.C. § 1232g), GLBA (15 U.S.C. §§ 6801–6809). State: California Consumer Privacy Act/CPRA (Cal. Civ. Code § 1798.100 et seq.), Colorado Privacy Act (C.R.S. § 6-1-1301 et seq.), Connecticut Data Privacy Act (Conn. Gen. Stat. § 42-515 et seq.), Virginia Consumer Data Protection Act (Va. Code § 59.1-575 et seq.), Texas Data Privacy and Security Act (Tex. Bus. & Com. Code Ch. 541).

Last reviewed:

Written in plain language for general understanding. This is educational content, not legal advice. Content is researched from federal statutes, state codes, and official government sources. Each article is reviewed for accuracy before publication. Our editorial process

Federal Law

What is this right?

The United States does not have a single comprehensive federal data privacy law like the EU's GDPR. Instead, privacy is protected through a patchwork of federal sector-specific laws and an expanding number of state privacy laws. Several states — led by California — have passed comprehensive consumer privacy laws giving you the right to know what data companies collect about you, to delete it, and to opt out of its sale.

At the federal level, key privacy laws include HIPAA (health data), FERPA (education records), COPPA (children under 13), GLBA (financial data), and the FTC Act (unfair or deceptive practices). For general consumer data — your browsing history, purchase history, location data, and online behavior — state laws provide the most protection.

When does it apply?

Your data privacy rights apply when:

  • A company collects, stores, or sells your personal data — including name, email, phone, location, browsing history, and purchase history
  • You want to know what data a company has about you
  • You want a company to delete your personal data
  • You want to opt out of the sale or sharing of your personal data
  • A company experiences a data breach that exposes your information

State privacy laws (as of 2026):

  • California (CCPA/CPRA): The strongest state privacy law. Right to know, delete, opt out of sale/sharing, correct inaccurate data, and limit use of sensitive data. Applies to businesses with $25M+ revenue, data on 100,000+ consumers, or 50%+ revenue from data sales. Enforced by the California Privacy Protection Agency.
  • Colorado, Connecticut, Virginia, Texas, Oregon, Montana, and 10+ other states have passed comprehensive privacy laws with varying effective dates through 2026. Most include rights to access, delete, correct, and opt out.
  • States without privacy laws: If your state doesn't have a comprehensive privacy law, your primary protection is the FTC's authority to pursue "unfair or deceptive" data practices.

Common misconceptions:

  • "I have no privacy rights because there's no federal privacy law" — While there's no comprehensive federal law, sector-specific federal laws and state laws provide significant protections depending on the type of data and where you live.
  • "If a service is free, they can do anything with my data" — No. Companies must disclose their data practices in a privacy policy, and state laws may give you opt-out rights regardless of whether you paid for the service.
  • "Deleting my account deletes my data" — Not necessarily. Companies may retain data for legal or business reasons. Under state privacy laws, you can submit a specific deletion request that the company must honor.

What should you do?

Step 1: Check whether your state has a comprehensive privacy law. If you are in California, Colorado, Connecticut, Virginia, Texas, or one of the other states with privacy laws, you have specific rights you can exercise.

Step 2: Submit a data access request to any company you want to know about. Most companies have a "Privacy" or "Do Not Sell My Information" link in their website footer. California residents can use the phrase "right to know" in their request.

Step 3: Opt out of data sales. Under California law and similar state laws, companies must provide a clear mechanism to opt out. Look for "Do Not Sell or Share My Personal Information" links.

Step 4: If your data was exposed in a breach, check whether your state requires the company to notify you and offer credit monitoring. Most states have breach notification laws.

Step 5: File complaints with your state attorney general (most state privacy laws are enforced by the AG) or with the FTC at reportfraud.ftc.gov. California residents can also file with the California Privacy Protection Agency.

What should you NOT do?

Don't ignore data breach notifications. If a company tells you your data was compromised, take it seriously. Change passwords, enable two-factor authentication, and monitor your credit.

Don't accept cookies without thinking. Many websites use cookie banners that default to accepting all tracking. Choose "Reject All" or customize your settings to limit data collection.

Don't assume privacy policies protect you. Most privacy policies are written to maximize what the company can do with your data, not to protect you. Read the sections on data sharing, third parties, and your rights.

Don't pay for data removal services without researching them. Some data removal services charge fees for actions you can take yourself for free under state law. Submit your own requests first.

South Dakota Law
SD

How South Dakota differs from federal law

South Dakota has basic data breach notification requirements but has not enacted a comprehensive consumer data privacy law:

  • No comprehensive consumer data privacy act: As of 2026, South Dakota has not enacted a comprehensive consumer data privacy law like California's CCPA or Delaware's DPDPA. Consumer data privacy in South Dakota relies on federal sector-specific laws and the state's general consumer protection statutes.
  • Data breach notification (SDCL § 22-40-19 et seq.): South Dakota requires businesses to notify affected individuals of data breaches involving personal information within 60 days of discovery. If the breach affects 250 or more South Dakota residents, the AG must also be notified.
  • Insurance data security (SDCL § 58-1-3.1 et seq.): South Dakota adopted the NAIC Insurance Data Security Model Law, requiring insurers to implement cybersecurity programs and report data breaches.
  • Financial industry presence: South Dakota is home to many credit card and financial services companies (Citibank moved its credit card operations to Sioux Falls in 1981 due to favorable banking laws). Federal financial privacy laws (GLBA) apply to these institutions.
  • No state income tax: South Dakota's lack of a state income tax means less state-level collection of financial data about individuals, though this does not affect private company data collection practices.

Additional Steps in South Dakota

Report data breaches or privacy concerns to the South Dakota Attorney General's Consumer Protection Division at (605) 773-4400 or consumer.sd.gov. File complaints with the FTC at ftc.gov/complaint. For identity theft, file a report with local law enforcement and the FTC at identitytheft.gov.

Relevant Law: SDCL § 22-40-19 et seq. (data breach notification — 60-day deadline), SDCL § 58-1-3.1 et seq. (Insurance Data Security Act), SDCL Ch. 37-24 (Consumer Protection)

Common Questions

When does data privacy rights apply?

Your data privacy rights apply when:A company collects, stores, or sells your personal data — including name, email, phone, location, browsing history, and purchase historyYou want to know what data a company has about youYou want a company to delete your personal dataYou want to opt out of the sale or sharing of your personal dataA company experiences a data breach that exposes your informationState privacy laws (as of 2026):California (CCPA/CPRA): The strongest state privacy law. Right to know, delete, opt out of sale/sharing, correct inaccurate data, and limit use of sensitive data. Applies...

What should I do about data privacy rights?

Step 1: Check whether your state has a comprehensive privacy law. If you are in California, Colorado, Connecticut, Virginia, Texas, or one of the other states with privacy laws, you have specific rights you can exercise.Step 2: Submit a data access request to any company you want to know about. Most companies have a "Privacy" or "Do Not Sell My Information" link in their website footer. California residents can use the phrase "right to know" in their request.Step 3: Opt out of data sales. Under California law and similar state laws, companies must provide a clear mechanism to opt out. Look for...

What mistakes should I avoid with data privacy rights?

Don't ignore data breach notifications. If a company tells you your data was compromised, take it seriously. Change passwords, enable two-factor authentication, and monitor your credit.Don't accept cookies without thinking. Many websites use cookie banners that default to accepting all tracking. Choose "Reject All" or customize your settings to limit data collection.Don't assume privacy policies protect you. Most privacy policies are written to maximize what the company can do with your data, not to protect you. Read the sections on data sharing, third parties, and your rights.Don't pay for da...

More in Consumer Rights

Debt Collector RulesThe Fair Debt Collection Practices Act (FDCPA) is a federal law that limits what debt collectors can do when trying to c...Read more →Credit Report RightsThe Fair Credit Reporting Act (FCRA) gives you the right to see what is in your credit report, dispute mistakes, and hav...Read more →Small Claims CourtSmall claims court is a special court where you can sue someone for a relatively small amount of money without hiring a ...Read more →

Related Topics

Workers' RightsWorkplace HarassmentTax RightsPenalty Abatement
← Browse all Consumer Rights

Legal Resources

We may earn a commission if you use these services — at no extra cost to you. This supports our mission to make legal information free for everyone.

LawDepotSend a formal demand letter to a business or creditor. State-specific financial and consumer documents ready in minutes.Create a Demand LetterCredit KarmaFree credit monitoring, dispute tools, and alerts. Know when your credit report changes.Check Your Credit FreeIdentityGuardIdentity theft protection and monitoring. Get notified if your personal information is misused.Protect Your Identity

You came here to know your rights — help someone else know theirs.

Support This Mission