All Things Newz
Law \ Legal

Corporate TIPS: U.S. Data Privacy Compliance Deadlines Are Quickly Approaching In 2023 – Privacy Protection



To print this article, all you need is to be registered or login on Mondaq.com.

Your organization must act now to become compliant with new
state privacy regulations in the United States. With consumer
privacy laws from California, Colorado, Virginia and now
Connecticut and Utah set to take effect in 2023,1 there
is little time for covered organizations to review their data
processing activities and to implement the policies and procedures
needed for compliance. Organizations that fail to become compliant
with the new state privacy regulations by the 2023 deadlines may
become ideal targets for cyberattacks, subject to data privacy
lawsuits, and subject to regulatory fines and penalties. Moreover,
although only a limited number of states have enacted comprehensive
data privacy regulations to date, the effects of these laws reach
beyond the states in which they were enacted and will surely impact
organizations throughout the nation.

Most Companies Are Not Ready for Privacy Law Compliance

A new U.S. Data Privacy Law Compliance Survey (the
“Survey”)2 reveals how companies are getting
ready for the major changes needed in their data processing
activities in light of the consumer privacy laws from California,
Connecticut, Colorado, Utah and Virginia that go live next year. A
majority of the executives who responded to the Survey expressed
satisfaction with the state of their compliance efforts, with 59%
saying their companies are very prepared to meet the more stringent
guidelines, 31% reporting that they are moderately prepared, and
89% disclosing that they have increased their budgets to comply
with the new privacy regulations.3 However, when asked
about the concrete steps taken toward compliance with the new
regulations, less than half of the executives said their companies
have completed the critical tasks needed to ensure they meet the
new regulatory obligations, including data mapping, performing data
assessments, and establishing timelines to track compliance. Thus,
the Survey reveals that company executives may be too quick to
report their companies are ready for compliance with the upcoming
privacy laws, when a deeper look into their compliance efforts will
show a major deficit in actual preparation.

Privacy Law Requirements and 2023 Compliance Deadlines

Generally, the new privacy laws will require businesses to
ensure that their consumers have more access to and control over
how their personal information is handled. Although these laws
share key similarities, such as granting consumers rights of
access, correction, deletion and rights to opt out of the sale of
their personal data, they also contain important nuances that may
complicate compliance efforts. For example, the laws contain minor
differences concerning consumer rights, responses to global opt-out
signals, and how to handle sensitive personal information. Ideally,
every organization should develop a cross-functional team that
includes legal and data privacy compliance professionals, as well
as tech and risk management leads to ensure things get done
properly.

The deadlines to comply with the new U.S. privacy regulations
are as follows:4

  • CPRA – The California Privacy Rights Act,
    which strengthens the state’s landmark California Consumer
    Privacy Act, will take effect on Jan. 1,
    2023
    .

  • VCDPA – The Virginia Consumer Data Protection
    Act will take effect on Jan. 1, 2023.

  • CPA – Colorado’s Privacy Act will take
    effect on July 1, 2023.

  • CTDPA – Connecticut’s Data Protection Act
    will take effect on July 1, 2023.

  • UCPA – The Utah Consumer Privacy Act will take
    effect on Dec. 31, 2023.

A Push for Federal Privacy Standard Could Ease Compliance
Complications

A push by business and consumer advocacy groups to enact federal
privacy legislation may be the best hope in offsetting the
complications born from the expanding patchwork of state laws. One
of the most promising efforts to date on this front comes from a
bipartisan trio of congressional leaders who developed a proposal
that would set a uniform national standard for how companies use,
share and secure consumer information. The draft legislation would
allow consumers to sue companies for alleged data processing
violations and it would also preempt comprehensive state privacy
laws while allowing more targeted state statutes to survive.
Respondents to the Survey were overwhelmingly in favor of a
national consumer privacy framework, with 88% of respondents
indicating they would like to see a federal privacy standard that
preempts individual state legislation.5

Footnotes

1. https://www.law360.com/technology/articles/1505104/state-privacy-law-compliance-has-ways-to-go-survey-shows?nl_pk=630ddcf9-92ef-4871-8830-8997fdcd3828&utm_source=newsletter&utm_medium=email&utm_campaign=technology&utm_content=2022-06-23.

2. https://assets.law360news.com/1505000/1505104/data_privacy_survey_report_2022_22june22.pdf.

3. Id.

4. https://www.law360.com/technology/articles/1505104/state-privacy-law-compliance-has-ways-to-go-survey-shows?nl_pk=630ddcf9-92ef-4871-8830-8997fdcd3828&utm_source=newsletter&utm_medium=email&utm_campaign=technology&utm_content=2022-06-23.

5. https://assets.law360news.com/1505000/1505104/data_privacy_survey_report_2022_22june22.pdf.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

POPULAR ARTICLES ON: Privacy from United States

State Data Breach Notification Laws

Foley & Lardner

While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice.



Source link

Related posts

EU Announces Long-Awaited Electronic Visa Waiver Program – Work Visas

Coercive control laws propose 7 years jail in NSW – Crime

The CNIPA Rejected Registration Of Trademark KITION HOME – Trademark