New Data Breach Laws for 2020

New Data Breach Laws for 2020

As technology evolves, legislation protecting consumer’s privacy does too. In the United States, there is no standard Federal privacy law in place. This means the regulatory evolutions are taking place from state to state, challenging many businesses to stay informed on a multitude of fronts.

In 2020, multiple states will have new or expanded privacy and data breach laws in effect. It’s important, now more than ever, for businesses to familiarize themselves with the changing landscape and implement any required system/process adjustments to come into or remain in compliance with the ever-changing legislation. Here are some of the highlights of new legislation coming into law in 2020 from a list compiled by JDSUPRA.

Effective January 1, the California Consumer Privacy Act (CCPA) applies to companies that do business in California and collect California resident’s personal information. The CCPA is considered to be one of the broadest state privacy laws in US history and provides four primary rights to consumers, including:

  • The right to know what information a company has on you
  • The right to request companies delete information about you
  • The right to opt-out of the sale of your information
  • The right to receive equal service and pricing from a business if you exercise your CCPA rights

More states are expected to follow in California’s footsteps with similar legislation in the coming years, making the CCPA an important law for businesses to understand. For more on the CCPA, please see our blog from the October newsletter, covering it in more detail.

In New York, updates to the Stop Hacks and Improve Electronic Data Security Act (SHIELD) will go into effect on March 21. Under this new legislation, any person or business that owns or licenses New York residents’ private information must implement a data security program that includes reasonable safeguards and establishes certain standards companies must implement. Previously, this act just applied to companies doing business in New York.

Updates to the SHIELD act, which was first signed in July 2019, highlight how paramount it is to pay close attention to legislation as it continually evolves. 

These are just two examples of the 2020 US privacy legislative changes going into effect. As businesses expand their national and international footprint, it is imperative to become familiar with and understand how the changing legislation impacts them.

Category