The current state of privacy laws in the USA 2020: what you need to know
Author: Carole TheriaultDate: Tuesday November 12
After the introduction of the CCPA in 2018 a whole slew of states got on board the data privacy bandwagon, and it looked like there was real momentum in the direction of increased rights for citizens over their own data. By the middle of 2019 more than a dozen states had introduced some kind of privacy bill, either from scratch or as an amendment to existing privacy laws.
So how has that turned out?
Well, if you’re an advocate for increased user rights then you’d have to say things haven’t progressed quite as well as you might have hoped.
Several bills including those from Hawaii, Maryland and Mississippi have stalled in committees.
Many states, including Connecticut, Louisiana, Hawaii and Texas, dropped their bills in favour of setting up “task forces” to further investigate the topic.
Bills in New Jersey, Massachusetts, Illinois and others were referred back to committee or are pending carryover.
And in New York and Washington, privacy bills that were said to be even tougher than the CCPA also stalled, with New York merely making amendments to its existing data breach act.
But is this the result of hard business lobbying, or a sensible precautionary delay by states who don’t want to be endlessly bogged down with amendments and litigation because of untried legislation? After all, the passage of the CCPA has been followed by a stream of amendments which have only just been whittled down to a few successful ones.
I think it’s safe to say that there’s both things going on. Business will always lobby against extra regulation and any law that allows for them to be sued. What if ambiguity in the laws themselves could lead to litigation?
In addition, why not wait and see how the CCPA plays out in the real world. Let California go through the messy business of trial and error!
Below are listed the most recent updates from various states who have managed to pass their privacy bills, and that have come into effect recently or will do in the coming few months. This list of points isn’t exhaustive, so if you think you need to be compliant then do read the bill text (linked to from it’s number). What I have tried to do is translate some of the more tortuous legalese into something that more resembles plain English.
The most important question you have to ask right now is what data privacy strategy is best for my business? Do you try to keep up with the constant changes, or do you put in the most restrictive data privacy rules in order to cover all bases? Will this be seen as attractive by your customers, or is this going to negatively affect your competitiveness?
TBG can help you navigate this rapidly changing environment and find out what’s best for your own circumstances.