In 2019, the US data privacy framework changed significantly with the emergence of the California Consumer Privacy Act, which created a significant compliance burden for most businesses that collect personal information about California residents. Since then, activity at the state level has increased as more states look to establish data privacy laws in the absence of a comprehensive data privacy law at the federal level. Currently, Virginia and Colorado are set to join California as states with comprehensive data privacy laws. This US Data Privacy Guide provides insight on these and other US data privacy laws.
2022
As state and federal legislatures across the United States continue to contemplate comprehensive data protection legislation, two pending laws—the California Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection Act (VCDPA)—are set to become effective on January 1, 2023. Read the full article here »
2021
Colorado has joined California and Virginia in enacting comprehensive data privacy legislation after Governor Jared Polis signed the Colorado Privacy Act into law yesterday. The enactment of the Colorado Privacy Act continues the trend of state legislatures guiding the development of the general consumer data privacy framework in the US. The legislation is set to take effect on July 1, 2023. Read the full article here »
On March 2, 2021, Governor Ralph Northam of Virginia signed the Consumer Data Protection Act ("CDPA") into law, after it passed both houses of the legislature with overwhelming support. This new legislation is set to take effect on January 1, 2023, and extends consumer data protections and business obligations that are quite similar to the California Consumer Privacy Act ("CCPA") and the upcoming California Privacy Rights Act ("CPRA"). Read the full article here »
2020
Hot on the heels of the California Attorney General's rulemaking process for the California Consumer Privacy Act ("CCPA"), California voters have passed a ballot initiative to expand and create new privacy rights for consumers. Most of the California Privacy Rights Act ("CPRA") will not take effect until January 1, 2023, giving weary businesses some lead time for their compliance efforts. In this client alert, we set out the key changes for businesses to be aware of as they look forward to meeting their obligations under the CPRA. Read the full article here »
As companies across industries continue to take advantage of existing and emerging technologies that involve the collection and use of human biometric identifiers, corporate privacy programs must take into account the unique legal and compliance concerns associated with this form of personal data. Currently, the state of Illinois has the most mature regulation, which is heavily litigated and aggressively enforced. Illinois is not alone among states, however, and we anticipate biometric privacy rights will expand across the US in the years to come. Read the full article here »
On August 14, 2020, California's Office of Administrative Law ("OAL") approved the final version of the implementing regulations for the California Consumer Privacy Act ("Final Regulations"). The approval of these final regulations caps off a long period of uncertainty and establishes specific content and administrative compliance obligations for businesses subject to the California Consumer Privacy Act ("CCPA"). The regulations are effective immediately. Read the full article here »
The CCPA took effect on 1 January 2020, introducing significant compliance burdens for most businesses that collect personal information about California residents. The reach of the CCPA extends beyond California and the US; it may apply to businesses based in the UK depending on the level of interaction with California residents and their personal information. Businesses based in the UK should understand the CCPA exposure risk, since the compliance requirements differ in some material ways from the General Data Protection Regulation ("GDPR") and the UK Data Protection Act 2018 ("DPA 2018"). Read the full article here »
Your business complies with the General Data Protection Regulation ("GDPR") and/or Turkish Personal Data Protection Law numbered 6698 and its secondary legislation ("PDPL"); but does it comply with the California Consumer Privacy Act ("CCPA"), which took effect on January 1, 2020? If your company needs to comply with the CCPA, some crucial differences should be taken into account in privacy compliance management. Read the full article here »
2019
Time is running out to comply with the California Consumer Privacy Act (CCPA). Companies must take a number of steps to ensure they meet the January 1, 2020 deadline, and updating the website privacy policy is only one aspect of our 9-step CCPA readiness checklist. Read the full article here »
2018
The CCPA's passage comes at a time when many US companies with international operations are still dealing with the significant compliance burden associated with the General Data Protection Regulation ("GDPR") and, despite some similarities, the CCPA will place additional burdens on businesses that are subject to both regimes. We carefully analyze the new obligations imposed by the CCPA on covered businesses. Read the full article here »
For many multinational businesses, understanding both the similarities and the differences between the CCPA and the GDPR will be a key component to efficiently managing compliance across both regimes. Read the full article here »