New State Data Privacy Laws in California and Other States: Corporate Counsel Compliance Guidance
New State Data Privacy Laws in California and Other States Corporate Counsel Compliance Guidance Currently, there is no omnibus federal privacy law in effect in the United States--only issue or industry-related laws such as the Gramm-Leach-Bliley Act for financial institutions and COPPA for children online. Instead, privacy laws consist of a patchwork of various state laws with ever-growing complexity. In 2023, California, Virginia, Colorado, Connecticut, and Utah comprehensive state privacy laws are scheduled to go into effect along with several other states proposing legislation. All five privacy laws define "personal data" and "personal information" broadly and California now covers human resources and business-to-business data subjects in addition to traditional consumers. Virginia, Colorado, Connecticut, and Utah borrow some key terms and definitions from the EU General Data Protection Regulation and others from the California regime. All give residents more control over their personal data, especially regarding third-party disclosures and use for advertising.The California Privacy Rights Act (CPRA) amends and broadens the California Consumer Privacy Act that was passed in 2020. The CPRA is the only one of the five state privacy laws that creates a private right of action, which is limited to certain data security incidents. it contains increased penalties for violations related to a minor's data. Also, CPRA creates a new enforcement and rulemaking body, the California Privacy Protection [...]