Published July 1, 2020
Currently no U.S. federal law exists to govern consumer data privacy, which means states are free to devise their own regulations. The California Consumer Privacy Act (CCPA) is being enforced and no fewer than 25 other states have similar laws in various stages of creation. Though the COVID-19 crisis has slowed down legislative sessions across the country, these data privacy efforts aren’t going away. Now is the time for companies to take stock of their data collection strategies and get prepared for a patchwork of competing state laws. Each state law will spell out which companies must comply, using metrics such as number of employees or annual revenue. In addition, penalties for noncompliance may vary, from financial consequences paid to the state or stipulations that allow consumers to sue companies directly. You can prepare for data privacy laws, despite not knowing specifics, by answering the following questions:
- How is your data managed? (Where is it? How is it secured? Who accesses it, and how do they get to it?)
- What do you use data for?
- Who do you buy data from, and who do you share it with?