More States Pass Consumer Data Privacy Laws
In the continuing absence of federal privacy legislation and in response to growing public concern over privacy rights, more states are tackling the void that exists in the area of consumer privacy protection in the United States. On the heels of Iowa’s new law, Indiana, Montana, Tennessee and Texas also have enacted consumer data privacy laws before the close of their respective 2022-23 legislative sessions.
A comparative review of these 10 state data protection laws can be found here. It is worth noting that the following states are also considering data privacy legislation: Delaware, Maine, Massachusetts, New Hampshire, New Jersey, North Carolina, Oregon, Pennsylvania, and Rhode Island. If passed, nearly half of the U.S. states will have their own data privacy laws; however, it is possible that some or all of these laws may die on the vine as the states’ legislative sessions come to a close.
As the chart highlights, there are considerable differences among the various state data privacy laws, which will make compliance a challenge for many companies. In light of this added complexity, clients should consider a two-pronged approach to compliance: (1) review each state’s law to determine whether a company falls within the scope of the law and is therefore required to comply with it, and (2) develop a compliance program that will enable compliance with all applicable laws. It may make sense for a company to gear its compliance program to the most stringent requirements across the board, rather than trying to implement varying requirements, processes and procedures for each state.
If you have questions or need assistance determining how to comply with state data privacy laws, please contact Virginia Fournier at [email protected].
A member of our California team, Virginia Fournier is a seasoned technology and privacy attorney with over 25 years of legal and business experience in the industry. She regularly handles a wide range of technology-related matters, including negotiating and drafting complex licensing agreements, compliance, data security and privacy, and intellectual property issues. Virginia is also a Certified Information Privacy Professional (CIPP/US and CIPP/E certifications).
This publication should not be construed as legal advice or a legal opinion on any specific facts or circumstances not an offer to represent you. It is not intended to create, and receipt does not constitute, an attorney-client relationship. The contents are intended for general informational purposes only, and you are urged to consult your attorney concerning any particular situation and any specific legal questions you may have. Pursuant to applicable rules of professional conduct, portions of this publication may constitute Attorney Advertising.