CCPA the ‘First of Many’ State-Level Us Privacy Laws on the Horizon
The California Consumer Privacy Act (CCPA) is just one of the “coming tsunami” of state-level US privacy laws that will substantially impact how organizations collect and use personal data in 2020 and beyond.
This is according to David Oberly, associate at US law firm Blank Rome, who noted that, although the CCPA was “by far the most significant development” to have taken place in the US over recent years, several other states are gearing up for changes of their own.
[...]
Other states follow California’s lead
Likened by some to the EU’s General Data Protection Regulation (GDPR), the CCPA has attracted no small amount of attention from privacy advocates and organizations with a Californian customer base.
However, looking ahead to 2020 and beyond, Oberly said it’s not only the Golden State that’s ushering in changes to its privacy legislation.
“The CCPA is the first of a coming tsunami of state-level privacy laws which, together, will radically shift how businesses collect, use, and protect personal data,” Oberly told The Daily Swig.
“In 2019, several other states wasted no time jumping on the CCPA bandwagon, following in California’s footsteps by enacting similar privacy laws of their own. First, Nevada enacted Senate Bill 220 (SB-220), which amends the state’s existing online privacy law, and went into effect on October 1, 2019.”
“SB-220 grants consumers the right to opt-out of the sale of their personal data, and requires covered entities to offer an online email address, toll-free telephone number, or website function to facilitate that right. In addition, covered entities are also required to satisfy consumer opt-out requests within the 60-day time period mandated by the law.
“In addition, New York enacted its Stop Hacks and Improve Electronic Data Security Handling (SHIELD) Act, which provides key changes to the state’s data security and data breach notification laws,” said Oberly.
“Most importantly, the SHIELD Act sets forth a new mandate that requires businesses to implement and maintain strong defensive data security safeguards to protect sensitive personal information from improper disclosure, access, or acquisition.
“At the same time, the law also substantially expands the scope and reach of the state’s breach notification law as well.”
"CCPA the ‘First of Many’ State-Level Us Privacy Laws on the Horizon," by James Walker was published in The Daily Swig on January 9, 2020.