Washington
💡 Last Updated October 2025. Written with contributions from both human authors and LLMs. If you find incorrect or outdated information let us know at support@optery.com.
Data brokers are selling your personal information. Optery finds it and removes it for you.
Privacy law in Washington
Washington does not yet have a signed, comprehensive consumer privacy law. Substitute House Bill 1671 (SHB 1671) is a comprehensive privacy bill that passed the House and was moving through the 2025 legislative session, but as of this extraction it has not been signed into law. The bill would grant Washington residents broad rights to access, correct, delete, and opt out of the sale or targeted use of their personal data. In the meantime, Washington residents have protections under existing sector-specific laws — including the My Health MY Data Act (RCW 19.373), which covers consumer health data — and may still use services like Optery to remove their data from data brokers regardless of state law.
What protections do exist in Washington
Washington My Health MY Data Act
Protects consumer health data collected by regulated entities and small businesses in Washington. Requires affirmative consent before collecting or sharing consumer health data, gives consumers the right to access and delete their health data, and prohibits geofencing around health care facilities. The Act applies broadly to any business that collects consumer health data about Washington residents — not just HIPAA-covered entities. (RCW 19.373)
Washington Data Breach Notification Law
Requires businesses and government agencies to notify Washington residents when their personal information is compromised in a security breach. Notification must be made in the most expedient time possible and without unreasonable delay. Covered personal information includes Social Security numbers, financial account information, health data, and more. (RCW 19.255.010)
Washington Biometric Privacy (as referenced in My Health MY Data Act)
Biometric data is defined and regulated under Washington's My Health MY Data Act as a category of consumer health data. This includes fingerprints, voiceprints, iris or retina scans, and other unique biological identifiers. Collection and use of biometric data requires affirmative consumer consent. (RCW 19.373.010)
Washington Children's Online Privacy — COPPA Compliance
Under both existing Washington law and the pending HB 1671, controllers that comply with COPPA's verifiable parental consent requirements are deemed compliant with obligations to obtain parental consent. The pending bill also prohibits targeted advertising and sale of personal data of known minors. (SHB 1671, Sec. 2(4); Sec. 6(2))
Federal protections that apply to Washington residents
Even without a comprehensive state privacy law, federal protections still apply to Washington residents. The FTC Act Section 5 prohibits unfair or deceptive data practices by businesses. HIPAA protects your medical records held by health care providers and insurers. COPPA limits collection of personal data from children under 13. The Gramm-Leach-Bliley Act protects financial data held by banks and financial institutions, and the Fair Credit Reporting Act governs how your credit information can be used and shared.
What’s happening in the Washington legislature
Several privacy bills have been introduced in Washington. None has passed into law yet, but they signal where consumer privacy legislation in the state may be heading.
SHB 1671
Substitute House Bill 1671 would establish a comprehensive personal data privacy law for Washington residents. It would give consumers the rights to access, correct, delete, and obtain a portable copy of their personal data, to opt out of targeted advertising, data sales, and automated profiling decisions, and to use authorized agents on their behalf. Enforcement would be through the Washington Attorney General under the Consumer Protection Act, with a 30-day cure period and enforcement effective August 1, 2026. Status: in committee.
How Optery helps Washington residents
Data brokers collect and sell personal information about almost every American adult — home addresses, phone numbers, family relationships, employment history. They do this regardless of whether your state has a comprehensive privacy law. Optery scans over 200 data brokers to find where your information is exposed, then submits removal requests on your behalf and tracks compliance. Our service works for every US resident, not just those in states with strong privacy statutes.