Will New York be Next to Enact a Robust Privacy Law?

Technology has driven disruption in virtually every industry and created an opportunity for businesses to compete in manners previously thought impossible but, with such opportunities, new regulations have emerged at both the state and federal level. Specifically, most businesses have elected to implement new policies, procedures, and safeguards to ensure compliance with the California Consumer Privacy Act (“CCPA”) and the European Union General Data Protection Regulation (“GDPR”). However, one more law that might be added to the list is the New York Privacy Act, currently under consideration by the New York State Legislature.

 

The New York State Senate, not to be left behind California and the EU, has been actively discussing the New York Privacy Act, which proposes to be the most robust consumer privacy and data protection regulation passed in the United States. The proposed law will regulate any use, storage, or disclosure of personal data of a consumer, and will apply to anyone that does business in New York. These principals are similar to those included in the GDPR and CCPA, however, New York intends to bolster these rules by adding a fiduciary duty, further transparency, and additional notice obligations.

 

The latest hearing by the New York State Senate in November of 2019 suggested the legislature would be reluctant to pass the legislation if the United States Congress ultimately passes federal legislation, but noted that failure to move at a federal level will result in state legislation. For businesses, this would mean further adjustments to privacy, data security, and technology policies and procedures. Given the myriad of regulations and their evolving nature, each business will need to evaluate how they intend to comply with the regulations and monitor new obligations. As always, the attorneys at Vandenack Weaver are available to provide assistance with these matters.

VW Contributor: Alex B. Rainville
© 2019 Vandenack Weaver LLC
For more information, Contact Us

The CCPA is Here to Stay; Now What?

The California Consumer Privacy Act (“CCPA”), signed into law in 2018, will become effective on January 1, 2020. Many organizations hoped that the California legislature would narrow the scope of the CCPA prior to its effective date, but the legislature adjourned without taking action to narrow its scope. For businesses, this means that preparations should be underway to comply with the CCPA before the California Attorney General has statutory authority to enforce the law on July 1, 2020.

The initial step for a business to develop a CCPA compliance program is to understand what personal information it collects and determine what it does with this personal information. Similarly, the business should review its policies and procedures regarding its collection and processing of this personal information, then conduct a gap analysis between its written procedures, actual procedures, and the CCPA. Understandably, this gap analysis will be challenging, given that the California Attorney General is expected to promulgate regulations under the CCPA this fall and several potential amendments are awaiting the California Governor’s signature. However, the substance of the CCPA should remain the same and actions should be taken to prepare.

For businesses outside of California, much like the GDPR, the CCPA is designed to be extra-territorial. This means that businesses outside of California that conduct business within the state, or with residents of the state, need to take steps to comply with the CCPA, or at least mitigate its risks. The time for a business to prepare for the CCPA is now, even though the law itself will continue to evolve.

VW Contributor: Alex Rainville
© 2019 Vandenack Weaver LLC
For more information, Contact Us

Will the United States Enact a Federal Law on Privacy?

By Alex Rainville

With corporate giants like Amazon, IBM, Citigroup, and 48 others pushing for federal legislation on privacy, will the United States Congress act? In a letter to Congress, dated September 10, 2019, these corporate giants are pushing for a “comprehensive consumer data privacy law” that will stabilize the myriad of state rules.

In the absence of federal legislation, individual states have taken the responsibility for legislating consumer privacy and data security standards. In fact, Alabama was the last to enact such a law, and that law has been in effect since June 1, 2018. However, most individuals are unaware of their rights and, importantly, most businesses are unsure of how, or are simply unable, to comply with many of the state laws. Even the much-publicized California Consumer Privacy Act (“CCPA”) remains a challenge for businesses to comply with, and many businesses remain unaware that they are subject to this rules even though they reside outside of California.

This push for federal privacy legislation comes on the heels of the European Union enacting and implementing the General Data Protection Regulation, which ushered in an unprecedented level of privacy measures for European Union Data Subjects and regulatory burdens for data controllers and processors. Will the US Congress follow suit and implement a federal data privacy law? Only time will tell, but businesses should be prepared to comply with each state rule, as enforcement and fines for failure to comply have started to hit US companies of all size.

© 2019 Vandeanck Weaver LLC
For more information, Contact Us