Idaho does not yet have a comprehensive consumer data privacy law like California's CCPA or Virginia's CDPA. However, that does not mean Idaho residents are without protections. Existing state laws cover data breach notification, consumer protection against deceptive practices, and a groundbreaking new ban on mandatory digital identification. Here is what you need to know about your privacy rights in Idaho and how to take action today.
Idaho's Current Privacy Landscape
As of 2026, Idaho is one of the remaining states without a comprehensive data privacy statute. There is no single law granting Idaho residents broad rights to access, delete, or opt out of the sale of their personal data. Proposed bills have been introduced in recent legislative sessions, but none have advanced to passage.
That said, Idaho residents are protected by a patchwork of existing state and federal laws that address specific privacy concerns.
Idaho's Data Breach Notification Law
Idaho Code § 28-51-104 et seq. requires businesses and government agencies to notify Idaho residents when a security breach compromises their personal information. Key provisions include:
- Who must comply: Any person, business, or state agency that conducts business in Idaho and owns or licenses computerized data containing personal information of Idaho residents.
- What triggers notification: Unauthorized acquisition of unencrypted computerized data that materially compromises the security, confidentiality, or integrity of personal information.
- Personal information covered: An Idaho resident's first name or initial and last name combined with a Social Security number, driver's license or state ID number, or financial account number with access credentials.
- Timeline: Notification must be provided in the most expedient time possible and without unreasonable delay. There is no specific day count, but regulators expect prompt action.
- Enforcement: The Idaho Attorney General can bring actions under the Idaho Consumer Protection Act for violations.
What to Do If You Receive a Breach Notification
If an Idaho business notifies you of a data breach, immediately change passwords for affected accounts, enable two-factor authentication, monitor your credit reports, and consider placing a fraud alert or credit freeze with Equifax, Experian, and TransUnion. If your Social Security number was compromised, file an identity theft report at identitytheft.gov.
Idaho Consumer Protection Act
The Idaho Consumer Protection Act (Idaho Code § 48-601 et seq.) prohibits unfair or deceptive business practices. While it is not a privacy law per se, the Idaho Attorney General has used it to take action against companies that:
- Misrepresent how they collect, use, or share personal data
- Fail to honor their own privacy policies
- Engage in deceptive data collection practices
- Fail to take reasonable steps to protect personal information
If you believe a company has violated its privacy commitments, you can file a consumer complaint with the Idaho Attorney General's Consumer Protection Division.
Senate Bill 1299: Idaho Bans Mandatory Digital ID
In April 2026, Governor Brad Little signed Senate Bill 1299, making Idaho one of the first states to prohibit government entities from requiring residents to obtain, maintain, present, or use digital identification. This law reflects Idaho's strong stance on individual privacy and government overreach.
Key provisions of SB 1299:
- No state or local government agency may require a digital ID as a condition of accessing services or exercising rights
- Physical identification documents must remain a valid alternative
- The law protects residents from being forced into digital tracking systems tied to government-issued credentials
Idaho Lacks Opt-Out Rights
Without a comprehensive privacy law, Idaho residents cannot legally compel data brokers to delete their personal information or stop selling it based on state law alone. Federal laws like the FCRA provide some rights for credit-related data, but people search sites and data aggregators operate in a legal gray area in Idaho.
Federal Laws That Protect Idaho Residents
Even without a state privacy law, several federal statutes provide important protections:
- Fair Credit Reporting Act (FCRA): Regulates how consumer credit information is collected, shared, and used. Gives you the right to dispute inaccurate information and opt out of prescreened credit offers.
- Health Insurance Portability and Accountability Act (HIPAA): Protects the privacy of your medical records and health information.
- Children's Online Privacy Protection Act (COPPA): Restricts the collection of personal information from children under 13.
- Gramm-Leach-Bliley Act (GLBA): Requires financial institutions to explain their data-sharing practices and protect sensitive data.
- CAN-SPAM Act: Gives you the right to opt out of commercial emails.
How Idaho Residents Can Protect Their Privacy Today
The absence of a comprehensive state law means Idaho residents need to be proactive about their privacy. Here are the most effective steps you can take:
- Search for yourself online. Google your name along with your city and state. Check people search sites like Spokeo, WhitePages, BeenVerified, and TruePeopleSearch to see what personal information is publicly available.
- Submit opt-out requests manually. Most data brokers provide an opt-out process, even in states without privacy laws. Visit each site, find their privacy or opt-out page, and submit removal requests for your records.
- Freeze your credit. Contact Equifax, Experian, and TransUnion to place a free credit freeze, which prevents new accounts from being opened in your name.
- Use privacy-focused tools. Enable Global Privacy Control in your browser, use a VPN, and consider masked email addresses for online signups.
- Request your data under federal law. You can request free annual credit reports and dispute inaccurate information under the FCRA.
- Use a data removal service. Because Idaho lacks legal tools to force data brokers to comply, a service like PrivacyOn that continuously monitors and submits removal requests on your behalf is especially valuable. PrivacyOn covers 100+ data broker sites and re-submits requests when brokers re-list your information.
Will Idaho Pass a Privacy Law?
Privacy legislation has been introduced in Idaho multiple times but has not gained sufficient momentum. Idaho's political landscape tends to favor limited government regulation, which has slowed progress compared to states like California, Colorado, and Virginia. However, as more states adopt comprehensive privacy laws — 20 states had active laws by early 2026 — pressure is mounting for holdout states to act.
Until Idaho passes its own law, residents should take advantage of every tool available to protect their personal data. Whether you tackle opt-outs manually or let PrivacyOn handle the process, the important thing is to act now rather than wait for legislation that may be years away.