Table of Contents
What you will discover:
The California Data Privacy Act
Online privacy in Nevada
Online data regulation in Washington
New York data breach notification
The EU’s data privacy regulation, the General Data Protection Regulation (GDPR), has been in effect for over a year. Unlike the European Union, the United States has refused to adopt a federal position on data privacy, instead leaving it up to individual states to decide. From a commercial sense, it would be simpler if there were a federal act that applied uniformly, but for the time being, enterprises must comply with varying state data privacy regulations (where they exist), which may make compliance difficult and onerous.
Some businesses see the advent of state-specific data privacy legislation as a chance to apply the same standards to clients across all fifty states, while others will adopt a more piecemeal approach, becoming compliant only when new laws are implemented. While the following states have either considered or passed data privacy legislation, it is likely that more will follow.
The California Data Privacy Act
California, the world’s fifth-largest economy, has a long history of setting the standard for safeguarding its inhabitants, even modifying the state constitution to preserve the right to privacy. The state recently went above and above to safeguard its inhabitants by establishing the California Consumer Protection Act (CCPA). This new legislation goes into effect on January 1, 2020, but there will be a six-month grace period before the CA Attorney General begins enforcing it.
Online privacy in Nevada
Nevada’s internet privacy legislation went into effect quietly on October 1, 2019. The legislation in Nevada is primarily concerned with enabling customers to avoid the selling of their personal information to other parties. While the Nevada law’s opt-out provision is more limited than the CCPA’s, it affects a broader range of businesses. Only one of the following requirements must be met: The company owns or maintains a commercial Internet website that 1) gathers personal data from Nevada customers or 2) positions itself to conduct business in Nevada.
Online data regulation in Washington
Washington enacted a legislation governing internet data but did not adopt a privacy measure. Consumers will be able to see what data corporations are collecting about them according to the internet data legislation. State residents, like those covered by the CCPA and the GDPR, may make requests for data erasure. The failed privacy law included controversial provisions such as a prohibition on face recognition technology and a failure to empower individuals with the ability to sue in civil court.
New York data breach notification
New York sought to establish a more rigorous data privacy legislation than the CCPA, but the New York Privacy Act (NYPA) was defeated in the state Assembly. Nonetheless, New York Governor Andrew Cuomo signed two pieces of legislation that expand the state’s current data breach reporting law. The Stop Hacks and Improve Electronic Data Security Act (“SHIELD”) and the Identity Theft Protection and Mitigation Services Act expand the amount of personal information protected by the state’s data privacy regulations while imposing stronger security requirements.
This is most certainly just the beginning of a wave of consumer data privacy regulations that will be adopted in the coming years. Ask a lawyer if you have any queries about how consumer protection laws could apply to your company.