Currently no U.S. federal law exists to govern consumer data privacy, which means states are free to devise their own regulations. The California Consumer Privacy Act (CCPA) is being enforced and no fewer than 25 other states have similar laws in various stages of creation. Though the COVID-19 crisis has slowed down legislative sessions across the country, these data privacy efforts aren’t going away. Now is the time for companies to take stock of their data collection strategies and get prepared for a patchwork of competing state laws. Each state law will spell out which companies must comply, using metrics such as number of employees or annual revenue. In addition, penalties for noncompliance may vary, from financial consequences paid to the state or stipulations that allow consumers to sue companies directly. You can prepare for data privacy laws, despite not knowing specifics, by answering the following questions:

• How is your data managed? (Where is it? How is it secured? Who accesses it, and how do they get to it?)
• What do you use data for?
• Who do you buy data from, and who do you share it with?

It’s doubtful that a comprehensive federal law will get onto the books in the next three to five years. But it’s very likely that multiple state laws will get passed during that time. In fact, the consumer data privacy landscape looks stricter and more cumbersome going forward. At Infinitive, we can help your company prepare a data usage strategy that addresses current regulations, such as the CCPA and the European Union’s General Data Protection Regulation, and gets you ready to face new legislation as it arises. It all starts with understanding and managing your data.