State Consumer Privacy Act Frequently Asked Questions - (FAQ)

State privacy laws in Colorado, Connecticut, Florida, Montana, Oregon, Texas, and Virginia provide certain privacy rights to their respective resident consumers regarding their personal data. These frequently asked questions (“FAQs”) provide general consumer information about the Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Florida Digital Bill of Rights (FDBR), Montana Consumer Data Privacy Act of 2023 (MCDPA), Oregon Consumer Privacy Act (OCPA), Texas Data Privacy and Security Act (TDPSA), and Virginia Consumer Data Privacy Act (VCDPA) (collectively, “State Consumer Privacy Laws”). For more information about our privacy practices, including those relevant to your state of residency, please visit our Your Privacy Rights and State Consumer Privacy Rights pages. If you are a resident of California, we have a separate FAQ related to the California Consumer Privacy Act (CCPA).

What are the CPA, CTDPA, FDBR, MCDPA, OCPA, TDPSA, and VCDPA?

These are acronyms for State Consumer Privacy Laws passed by the states of Colorado (Colorado Privacy Act - CPA), Connecticut (Connecticut Data Privacy Act CTDPA), Florida (Florida Digital Bill of Rights - FDBR), Montana (Montana Consumer Data Privacy Act of 2023 - MCDPA), Oregon (Oregon Consumer Privacy Act - OCPA), Texas (Texas Data Privacy and Security Act -TDPSA), and Virginia (Virginia Consumer Data Privacy Act – VCDPA), respectively.

With ever-expanding internet and technology use, many states have begun to pass consumer data privacy laws in recent years. These laws primarily govern how a consumer’s personal information can be collected, used, and shared by businesses of a certain size that are operating in those states. The State Consumer Privacy Laws also grant individuals certain rights related to their personal information. Collectively, these laws provide the following rights to their residents regarding their personal data:

The right to know and access what personal data a business has collected from or about them and how that data is used and shared;
The right to delete their personal data;
The right to correct inaccurate personal data;
The right to receive a portable copy of the personal data previously provided to the business;
The right to appeal a business’s refusal to take action on a consumer’s request to exercise their other rights;
The right to opt-in to the processing of sensitive data in certain circumstances,
The right to opt-out of the processing of personal data for targeted advertising purposes, the sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer;
The right to opt out of the collection of personal data through voice recognition features (Florida only); and
The right to non-discrimination and equal service for exercising their consumer data rights.

For more information about our overall privacy practices, including those relevant to your state of residency, please visit our Your Privacy Rights and State Consumer Privacy Rights pages.

When do or did these State Consumer Privacy Laws go into effect?

The Virginia Consumer Data Protection Act took effect on January 1, 2023.
The Colorado Privacy Act and the Connecticut Data Privacy Act took effect on July 1, 2023.
The Florida Digital Bill of Rights, Oregon Consumer Privacy Act, and Texas Data Privacy and Security Act will go into effect on July 1, 2024.
The Montana Consumer Data Privacy Act of 2023 will go into effect October 1, 2024.

What is personal data?

While the laws differ slightly in their definition, generally, personal data (sometimes referred to as personal information) is any information that is linked or reasonably linked to an identified or identifiable natural person, including, but not limited to their name, address, email, phone number, or social security number. Personal data does not include deidentified data or publicly available information.

What is sensitive data?

While the laws vary in the definition of sensitive data (sometimes referred to as sensitive personal information), generally, sensitive data is personal data that reveals some combination of: an individual's racial or ethnic origin, citizenship or citizenship status, immigration status, religious or philosophical beliefs, genetic data or biometric data used to uniquely identify an individual, health data, data concerning a person’s mental or physical condition, data concerning a person's sex life or sexual orientation, precise geolocation data (typically a location within 1,750 feet) or data of a known child (under the age of 13 in all states noted above other than Florida where the age is 18).

Who enforces the new state privacy laws?

Each states’ attorney general has exclusive authority to investigate and enforce the State Consumer Privacy Laws.

How do I opt-out of the use of my personal data for purposes of targeted advertising?

Spectrum offers many choices to help you manage your privacy and ensure that you have meaningful choice and control over how we use your data, including those consumer choices covered under applicable state laws. You can manage your privacy preferences by visiting our Privacy Preferences page.

How do I exercise my state-specific privacy rights?

If you are resident of Colorado, Connecticut, Florida, Montana, Oregon, Texas, or Virginia, you can submit a consumer request by visiting our online request page at https://privacy.spectrum.net.

When should I expect to receive a response to my consumer request?

Under applicable state laws, Spectrum has forty-five (45) days in which to respond to a consumer’s request. In some instances, Spectrum may need additional time to complete your request. The State Consumer Privacy Laws permit Spectrum to seek a one-time extension of this initial response period for up to a total of between sixty (60) and ninety (90) days to respond to the consumer’s request. In the event Spectrum needs additional time, we will notify you of the need for an extension within the initial forty-five (45) day period.

Can Spectrum deny my request to delete personal data?

The State Consumer Privacy Laws grant consumers the right to submit a consumer request that a business delete their personal data. Although individual state laws differ, generally Spectrum may decline a consumer’s request to delete when such information is necessary to comply with law, investigate and defend legal claims, fraud or the security of Spectrum or others, provide you with a product or service you requested, or for public or peer-reviewed scientific or statistical research in the public interest, or if the information is not subject to the applicable consumer privacy law.

How will I know when my request for access, portability, correction, or deletion has been completed?

For access and portability requests, you will receive an email that will contain instructions on how you can view and or download your personal information file. For all other requests, the email you receive will contain the results of the request.