State and Federal Privacy Laws are Washing the Shores of the United States
Data breaches have cost billions of dollars due to the theft of customer and corporate data. States have responded by creating their own data privacy laws due the gaps they see with Federal privacy laws. For example, biometric and genetic privacy laws have been passed by Illinois. California has modeled its privacy laws following the lead of the Europeans. States have taken different routes, from breach notification and their privacy enforcement to create privacy standards. By next summer there will be ten states listed below with comprehensive privacy laws in effect. This will cover more than 30% US population, a sizable part of the United States. As more states create their own privacy laws then the federal / state gap will grow into a bigger problem.
- California Consumer Privacy Act,
- California Privacy Rights Act
- Colorado Privacy Act
- Connecticut Data Privacy Act
- Indiana Consumer Data Protection Act
- Iowa Consumer Data Protection Act
- Montana Consumer Data Privacy Act
- Tennessee Information Protection Act
- Utah Consumer Privacy Act
- Virginia Consumer Data Protection Act
- Texas Data Privacy and Security Act
Business Pain:
Companies doing business in these states will need to comply with these new laws, which may require changes to their data collection, storage, and how they share data. They may also need to update their privacy policies and provide consumers with new rights and disclosures. It is important for businesses to review the specific requirements of each state law. When more states follow with their own privacy laws then it will cost more to comply than to protect customer privacy.
The Almost Federal Response:
Currently there is no single Federal privacy privacy law to oversee this issue nationally. There have been repeated efforts to create a federal privacy law to solve this issue. The American Data Privacy Protection Act (ADPPA) was proposed by the House of Representatives who wanted to protect businesses from the complications of too many state regulations.. This federal law will set a minimum standard. Some states have pushed back because of concern the ADDPA will override part of their state law. Its legal authority is based on The Commerce Clause in Article 1, Section 8, Clause 3 of the U.S. Constitution, which gives Congress the power to regulate commerce. The ADPPA would level the playing field with a clearer and more unified set of rules for business to operate under. The simplified law leads to cost savings enabling companies to better protect their customer’s data privacy.
In the future:
We can expect by the summer of 2024 the number of states having their own individual privacy laws will increase. This is a growing gap that the Federal government must fill quickly. Unless the ADPPA is signed into law then businesses will continue to struggle protecting their customers’ data privacy while handling so many state privacy laws. If ADPPA is passed, businesses can finally spend more to protect than to comply.