US privacy laws are increasing—is your privacy program ready?

Marti Arvin (marti.arvin@cynergistek.com) is Executive Advisor at CynergisTek in Austin, Texas, USA.

The General Data Protection Regulation (GDPR) threw many US companies for a loop, particularly those with a global presence. But many domestic US companies quickly learned there was not much to be concerned with, as GDPR did not likely apply to them or the data they collected. However, with the advent of the California Consumer Privacy Act (CCPA), that changed.

The CCPA has been around for several years, but it was not until 2020 that the law was effective and regulations were enacted. Then California added the California Privacy Rights Act (CPRA) provisions to the compliance requirements, with an effective date of January 1, 2023.[1] Then in 2021, Virginia added the Consumer Data Protection Act (CDPA), effective January 1, 2023.[2] Colorado followed with the Colorado Privacy Act (CPA), effective July 1, 2023.[3] These laws discuss the way consumer/customer data is collected and used. Over the course of the past several years, multiple states have proposed privacy laws that have failed to pass their legislatures.

As of August 2021, five additional states had active bills at various stages of the state’s legislative process (Massachusetts, New York, North Carolina, Ohio, and Pennsylvania). In the absence of a federal privacy law, the trend for states to pass their own privacy laws will likely continue. Even if a federal statute is passed, it remains unclear if such a law would preempt some or all of the provisions of various state laws. This means compliance and privacy professionals will need to review the existing laws and monitor those of other states to assess their compliance obligations. The first step is to understand the applicability of the laws to the organization and the personal information the organization collects from individuals. The second step is to determine the compliance steps necessary to meet the organization’s legal obligations.

This document is only available to members. Please log in or become a member.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field