Background Banner

How to Prepare Your Business for Privacy Laws Taking Effect in 2023

PDF
| Legal Alert
Mariel Giletto, Krishna Jani

In 2023, five new state privacy laws will become effective. How will these new laws affect your business?

Currently, privacy laws in the United States include  a patchwork of state laws as well as some industry- or issue-specific federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA) for protected health information and the Gramm-Leach-Bliley Act (GLBA) for the financial services industry. There is no comprehensive federal privacy law in effect in the United States at this time.

Below you will find a brief overview of the new state privacy laws going into effect, their commonalities, their differences, and what you need to know to prepare your company for compliance.

If you have any questions related to your company’s compliance with these laws, please contact Mariel Giletto or Krishna Jani.

If you have any questions, please contact Mariel Giletto or Krishna Jani.

NEW LAWS BY STATE

California

Effective: January 1, 2023

The California Privacy Rights Act (CPRA) amends and extends the California Consumer Privacy Act (CCPA).  CPRA is a new law with more stringent requirements than the current law and creates a new regulatory agency (California Privacy Protection Agency (CPPA).  To date, only draft regulations have been released.  Final form regulations have not been published.

California’s new, more stringent law is significant because state attorneys general are tasked with enforcing data privacy laws and this new legislation signals a ramp up in enforcement, thereby bringing the U.S closer to Europe’s General Data Protection Regulation (GDPR).

One crucial piece of the proposed CPRA regulations is the right of a consumer to opt-out to both the sale and sharing of personal information. This is relevant for data brokers, and companies that contract with data brokers.

Separately, California passed a new bill called the California Age-Appropriate Design Code Act about two months ago. It is an online safety bill containing unique privacy requirements to protect minors 18 and under.

Virginia

Effective: January 1, 2023

Under the Virginia Consumer Data Protection Act, consumers have the right to opt-out of the processing of personal data for purposes of targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

Colorado

Effective:  July 1, 2023

The Colorado Privacy Act (CPA) gives the Colorado attorney general authority to adopt rules governing privacy. It also requires that, by July 1, 2023, the Colorado attorney general must adopt rules detail the technical specifications for one or more universal opt-out mechanisms that clearly communicate a consumer’s affirmative, freely given, and unambiguous choice to opt-out of the processing of personal data for purposes of targeted advertising or the sale of personal data.

Both Connecticut and Utah have also passed privacy laws that are set to take effect on July 1, 2023 and December 31, 2023 respectively.

COMMONALITIES

Each state law:

For example, the CCPA, as amended by the CPRA, applies to any company that does business in California, no matter where it is based, if it meets any of the following criteria:

SIGNIFICANT DIFFERENCES

The significant differences of each state law include:

HOW TO PREPARE

Below are some helpful considerations for your company to begin their analysis of compliance with the new state laws:

WHAT ELSE TO EXPECT

Another draft of a federal privacy law has been introduced – the American Data Privacy and Protection Act.

If you have any questions about the new data privacy laws and how it could affect your business, please contact Mariel Giletto or Krishna Jani.

Jump to Page

Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek