Recent Trends in U.S. State Data Privacy and Security Law
The United States has seen significant new data privacy and security legislation in recent years at the state level, while federal efforts to enact such legislation have stalled. Two broad state legislative trends have taken hold in recent years. First, three states have passed comprehensive data privacy laws, and legislatures in many more states have introduced such laws for consideration. For states that have not passed these laws in recent legislative sessions, it is widely expected that the same or similar proposals will be introduced in upcoming sessions. Second, several states have passed data security legislation mandating compliance with industry accepted information security standards or incentivizing implementation of specific safeguards that broadly track requirements of such standards, indicating a growing consensus among regulators regarding the standard of care for data protection.
This paper describes enforcement trends relating to the California Consumer Privacy Act (CCPA), the first comprehensive privacy law in the United States, and the similarities and differences between state privacy and security legislation that companies will need to navigate to comply with numerous state laws and regulations that have either recently become effective or will become effective in the next twelve to eighteen months.
To read the full article, please click here.
“Recent Trends in U.S. State Data Privacy and Security Law,” by Alex C. Nisenbaum was published in the Winter 2022 edition of In-House Defense Quarterly. Reprinted with permission.