Idaho
Privacy Law Status
Comprehensive Privacy Law
Idaho currently does not have a comprehensive consumer data privacy law in effect[1]. Unlike states such as California, Virginia, and Colorado that have enacted broad privacy legislation, Idaho residents do not have access to comprehensive data privacy rights under state law. The state’s privacy protections are limited to specific sectors and situations, primarily focusing on data breach notifications and certain industry-specific protections.
Legislative Activity
The Idaho Legislature has shown limited activity regarding comprehensive privacy legislation[1]. Senate Bill 1066 passed the Idaho Senate on March 10, 2025, but has not been enacted into law as it has not passed the Idaho House of Representatives. The bill is pending further legislative action and remains in the process of being potentially amended[2]. This represents an incremental improvement to Idaho’s existing privacy framework rather than comprehensive reform. No comprehensive privacy bill has been introduced in recent legislative sessions.
Implementation Timeline
Since Idaho lacks comprehensive privacy legislation, there are no implementation timelines for broad consumer privacy rights. Idaho residents currently rely on federal privacy protections and the state’s limited sector-specific laws, including the data breach notification statute that has been in effect since 2006.
Your Rights as a Idaho Resident
Idaho residents have very limited privacy rights under state law compared to residents of states with comprehensive privacy legislation. The following rights are available under current Idaho law:
- Right to data breach notification – You must be notified if your personal information is compromised in a data breach by entities conducting business in Idaho[3][4]
- Right to request investigation – Entities must conduct reasonable investigations to determine if personal information has been or will be misused following a security breach[3]
- Right to consumer protection – Limited rights under the Idaho Consumer Protection Act against deceptive business practices, including some privacy-related violations[5]
- Right to student data protection – Students have protections under Idaho’s Student Data Accessibility, Transparency & Accountability Act[1]
These rights are significantly more limited than comprehensive privacy rights available in other states, such as the right to know what data is collected, the right to delete personal information, or the right to opt out of data sales.
Business Requirements
Idaho imposes limited privacy-related obligations on businesses compared to states with comprehensive privacy laws:
- Data breach notification compliance – All entities conducting business in Idaho must notify affected residents promptly after discovering a breach involving personal information[3][4]
- Government agency notification – Public agencies must notify the Idaho Attorney General within 24 hours of discovering a security breach[3][6]
- Investigation requirements – Entities must conduct reasonable investigations to determine if personal information has been or will be misused following a breach[3]
- Student data protections – Educational institutions must comply with specific requirements under Idaho’s student data protection law[1]
- Consumer protection compliance – Businesses must avoid deceptive practices that could violate the Idaho Consumer Protection Act[5][7]
Practical Impact
- Limited daily privacy protection – Idaho residents lack comprehensive control over how businesses collect, use, and share their personal information, unlike residents in states with robust privacy laws
- Breach notification benefits – Residents do receive timely notification when their personal information is compromised, allowing them to take protective measures such as credit monitoring[3][6]
- Consumer complaint options – The Idaho Attorney General’s Consumer Protection Division can investigate complaints related to deceptive practices, including some privacy violations[8][7]
- Reliance on federal protections – Idaho residents must depend primarily on federal laws like HIPAA for healthcare data, FERPA for educational records, and sectoral federal privacy protections
- Limited enforcement mechanisms – Without comprehensive state privacy law, residents have fewer legal avenues to address privacy violations compared to other states
Comparison Context
- Lagging behind leading states – Idaho significantly trails states like California, Virginia, Colorado, and Connecticut that provide comprehensive consumer privacy rights including data access, deletion, and opt-out rights[9][10][11]
- Missing fundamental rights – Idaho residents lack basic privacy rights that are becoming standard elsewhere, such as the right to know what personal information businesses collect and the right to request deletion of personal data
- No opt-out protections – Unlike residents in states with comprehensive laws, Idahoans cannot opt out of the sale of their personal information or targeted advertising practices
- Limited business obligations – Idaho businesses face minimal privacy compliance requirements compared to entities operating in states with comprehensive privacy frameworks
- Enforcement gap – The state lacks dedicated privacy enforcement mechanisms that exist in other states, relying instead on general consumer protection authorities
Action Steps for Residents
- Stay informed about breaches – Monitor communications from businesses and organizations for data breach notifications, and take recommended protective actions when notified[6]
- File consumer complaints – Report privacy-related deceptive practices to the Idaho Attorney General’s Consumer Protection Division, which can investigate and potentially take action[7]
- Engage with legislators – Contact your state representatives to express support for comprehensive privacy legislation and advocate for stronger consumer privacy protections
- Utilize federal rights – Take advantage of privacy rights available under federal laws in specific sectors, such as healthcare and financial services
- Practice personal privacy protection – Implement personal privacy measures such as reviewing privacy policies, using privacy settings on social media, and being cautious about sharing personal information
- Monitor legislative developments – Stay updated on potential privacy legislation through the Idaho Legislature’s website and consider participating in public comment periods
Official Resources and Contact Information
Idaho State Legislature
Contact your state legislators to advocate for privacy legislation or stay informed about current bills. During legislative sessions (approximately January through March), you can reach the Legislature at:
Phone: 208-332-1000 (local) or 800-626-0471 (toll-free)
Email: Messages must include your name and address
Website: https://legislature.idaho.gov/
Find Your Legislators
To identify and contact your specific state representatives:
Find Your Legislator Tool
Contact Information for All Legislators
Idaho Attorney General – Consumer Protection
For filing complaints about privacy-related deceptive practices or data breach issues:
Idaho Attorney General Consumer Protection Division
954 W. Jefferson, 2nd Floor
Boise, ID 83702
Phone: 208-334-2424
Toll-free: 1-800-432-3545
Website: https://www.ag.idaho.gov/consumer-protection/
Security Breach Reporting
For information about security breaches affecting Idaho residents:
Email: consumer_protection@ag.idaho.gov
Information: Security Breach Notifications
Legislative Information Center
For general information about the legislative process and current bills:
Phone: 208-332-1000 (local) or 800-626-0471 (toll-free)
TTY/TTD: 7-1-1
Website: Legislative Information Center
Sources and Citations
Last Updated August 2025. Written with contributions from both human authors and Perplexity AI. If you find incorrect or outdated information let us know at support@optery.com.