Search for:
Cybersecurity, Data and Tech

US State Omnibus Privacy Laws – A Primer

By and 2 Mins Read

In 2018, California enacted the California Consumer Privacy Act (“CCPA”), the first state-level “omnibus” privacy law, which imposes broad obligations on businesses to provide state residents with transparency and control of their personal data. This year, Maine and Nevada have followed suit and passed legislation focused on consumer privacy, and Pennsylvania has a consumer privacy bill currently under legislative review. Other states in which US companies do business saw similar legislation, such as Hawaii, Illinois, Massachusetts, Mississippi, New Mexico, New York, Rhode Island, Texas, and Washington. However, those state bills did not pass this year. Nonetheless, companies should consider that those state bills could be reintroduced and garner support should privacy become a hot topic for state residents and the US generally going forward.

The chart, which can be accessed above, provides a high-level summary of the new state privacy laws that have been enacted, and it also summarizes the Pennsylvania bill, which, if signed into law, will become effective immediately. We will provide updates regarding the Pennsylvania bill as they become available, and we will continue to track state-level consumer privacy legislative efforts. If you have any questions, please do not hesitate to reach out to the Contact Partners listed.

Click here to download the chart.

Categories:
Author

Brian Hengesbaugh is chair of the Firm's Global Data Privacy and Security Business Unit, a Member of the Firm's Global IP Tech Steering Committee, and a Member of the Firm's Financial Institutions' Group. Brian is listed in The Legal 500 Hall of Fame and was recognized as a Regulatory & Compliance Trailblazer by the National Law Journal. He is also listed as a Leading Lawyer for Cyber law (including data protection and privacy) in The Legal 500 and is listed in Chambers. Formerly Special Counsel to the General Counsel of the US Department of Commerce, Brian played a key role in the development and implementation of the US Government’s domestic and international policy in the area of privacy and electronic commerce. In particular, he served on the core team that negotiated the US-EU Safe Harbor Privacy Arrangement (Safe Harbor), and earned a Medal Award from the US Department of Commerce for this service. In addition, Brian participated on behalf of the United States in the development of a draft Council of Europe Treaty on Cyber Crime, and in the negotiation of a draft Hague Convention on Jurisdiction and the Recognition of Foreign Judgments. Brian has been quoted in the Wall Street Journal, New York Times, Forbes, CNET, Slate Magazine, Compliance Weekly, BNA Bloomberg, PCWorld and other news publications on global privacy and security issues.

Author

Amy de La Lama is a partner in Baker McKenzie's Chicago office. She has assisted a wide array of companies (financial institutions, retail companies, sourcing providers, online businesses) in addressing legal issues related to global privacy and data collection, data security, information technology and related restrictions on data collection and movement.

Related Posts