Data & Privacy

In 2022 Federal lawmakers failed (again) to pass a privacy law and now companies face what they’ve always feared and lobbied against: a patchwork of state-level laws that dictate how they collect, store, and share consumer data.

Since May 2018, with the entry into application of the General Data Protection Regulation, there is one set of data protection rules for all companies operating in the EU, wherever they are based. Stronger rules on data protection mean. people have more control over their personal data and businesses benefit from a level playing field.

Each state has slightly different rules in its privacy laws. California allows residents to sue companies for data collection violations. Other states allow their attorney general’s offices to impose fines between $5,000 and $20,000 per violation.

Virginia’s industry-backed privacy law went into effect on January 1, 2023. The California Privacy Rights Act also went into effect, introducing changes to 2018’s California Consumer Privacy Act after a 2020 ballot initiative. Colorado and Connecticut will follow with their own rules going into effect in July 2023. Utah’s privacy law goes into effect on December 31, 2023.

Most industries have long argued that inconsistent state privacy laws place an undue burden on businesses, requiring them to establish different protocols for users in various states.

However… we have never learned of a company which adheres to European privacy regulations to run foul of legislation in the US. That is not a guarantee, but it may be reassuring.