From 5 to 11: Keeping up with new state data privacy laws
By 
Adrianne Appel2023-09-06T15:00:00
If multi-state businesses thought at the start of 2023 complying with a patchwork of U.S. state privacy laws was going to be a lot of work, now they must be overwhelmed.
In a few short months, the number of states sporting comprehensive privacy laws went from five to 11, plus one more in Delaware awaiting the governor’s signature.
Those states include California, Colorado, Connecticut, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia, as tracked by the International Association of Privacy Professionals. There are also states, like Florida, with more lenient privacy laws on the books.
There is such variation among the laws, including when they take effect, that coming into compliance requires significant footwork, said Roy Wyman, a member at law firm Bass, Berry & Sims focusing on security and data privacy.
Related articles
-
PodcastDigital Transformation of Compliance podcast: Ryder CCO Pilar Caballero
In this episode of the Digital Transformation of Compliance podcast series, Pilar Caballero, chief compliance officer and chief privacy officer at Ryder, discusses her company’s process for vetting privacy concerns regarding use of new technologies.
-
News BriefCPPA sets sights on connected vehicles in first review
The California Privacy Protection Agency is probing the data privacy practices of connected vehicle manufacturers and their technologies as part of its first enforcement review.
-
PremiumCalifornia privacy reg delay offers little more than short reprieve
Many businesses are breathing a sigh of relief following a court ruling that delayed enforcement of certain provisions of the California Privacy Rights Act, but companies should not rest on their laurels, according to experts.
More from Regulatory Policy
-
ArticleNine states collaborating on data privacy enforcement across state lines
Nine states are collaborating to write and enforce comprehensive data privacy laws, in an effort to protect consumers across jurisdictions and due to the absence of a broad, federal privacy law.
-
News BriefFINTRAC hits British Columbia crypto firm with record $125M penalty for AML failures
Canada’s financial intelligence agency has issued its largest-ever penalties against a cryptocurrency exchange, a fine of $126 million (CA$176.9 million). The agency said the exchange’s compliance failures represented a “severe breach of Canada’s anti–money laundering framework.”
-
ArticleNYDFS to firms: apply cybersecurity rules to third-parties
The New York State Department of Financial Services (NYDFS) wants financial firms to step up their game when it comes to third parties and cybersecurity.