Many of our clients have been speaking with us to get a better understanding of their responsibilities under existing privacy laws and regulations. This blog has been developed to help organizations understand their responsibilities under the four state privacy legislations currently enacted in the United States.
Privacy laws have been developing rapidly over the past several years both globally and nationally. California passed the first comprehensive state privacy bill in 2018 with the California Consumer Privacy Act (CCPA). Since then, many state-level privacy laws have been developed and introduced. So far, California has passed and signed a more stringent law in the California Privacy Rights Act (CPRA); Virginia has passed and signed the Consumer Data Protection Act (CDPA); and Colorado has passed the Colorado Privacy Act (CPA).
The table below illustrates the requirements and scope of these laws while showing where they overlap and when they will take effect.
Although the CCPA was the first comprehensive privacy law within the U.S., it no longer sets the standard. The CPRA has become the most stringent state level privacy law, and the CDPA and CPA have appeared to follow its lead. As time goes on, we will see more states pass comprehensive laws and many will likely be at least as encompassing as the CPRA. As a matter of fact, these laws are so far reaching that many experts suggest that they may drive the creation of an overarching federal level privacy law.
If you would like to learn more about existing and/or proposed privacy legislation, and how it may impact your organization, please contact one of our privacy experts at firstname.lastname@example.org.