Are you ready for the 5 new State Privacy Laws in 2023? We are.
In 2023, five new state privacy laws go into effect. Virginia, Colorado, Connecticut, and Utah have followed California in enacting CCPA-like comprehensive consumer privacy legislation. In addition, California’s comprehensive consumer privacy law is nearing a major overhaul on January 1, 2023. In the absence of a federal privacy law, businesses operating in the U.S. must quickly prepare for an ever-changing hodgepodge of privacy laws.
The California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively, CCPA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and the Utah Consumer Privacy Act (UCPA) each govern “personal information” or “personal data”, broadly defined as information that can be linked or reasonably linkable to an individual, such as name, email, IP address, cookies, and device ID. These laws phase in throughout 2023 and will become the de facto minimum privacy standard in the U.S. when read together.
While each privacy law has similarities to the CCPA and the California Privacy Rights Act (CPRA), they each have distinct, unique differences that every business should be prepared to implement if they meet relevant thresholds and engage in personal data use in those states.
The Colorado Privacy Act (CPA) becomes effective on July 1, 2023. The CPA joins a small group of states leading the way in implementing comprehensive data privacy legislation following the 2018 adoption of the California Consumer Privacy Act (CCPA). In addition, Virginia, Utah, and Connecticut have all passed comprehensive state privacy laws that become effective on various dates throughout 2023. These privacy laws grant consumers rights including the right to access, right to correction (except Utah), right to deletion, right to portability, right to opt-out sale of personal data, and right to opt out of targeted advertising. Companies need to note the different thresholds in each state to determine whether they will be subject to the newly enacted privacy laws. Some states, such as California, have also begun the rulemaking process to adopt final regulations implementing the comprehensive privacy acts. These regulations are likely to provide businesses with important guidance on meeting obligations as well as establishing new requirements.
Michigan, Ohio, and Pennsylvania are now all considering bills similar to California’s CCPA that require covered businesses to implement policies and procedures providing privacy rights to consumers. While it is too early to tell which – if any – will become law, businesses operating in these states should be mindful of the requirements that may be imposed on them if any are passed. As part of compliance efforts, companies should have a current, accessible privacy policy that is clear and accurate as it relates to consumer data collection practices, use practices, and consents. Companies should be prepared to comply with these upcoming laws, including mapping personal data and assessing sharing practices to be able to accurately trace data and respond to information requests.
Contact Our Data Protection and Privacy Lawyers Today
For more information about our data protection and privacy practice, contact the experienced lawyers at Kendall PC now online or by phone at 484-414-4093. Our firm works with clients across multiple business sectors regarding the applicability, implementation, operations, and compliance of these ever-changing privacy laws. Our distinguished firm proudly serves small, midsized, and emerging businesses throughout the United States and across the globe.