To embed, copy and paste the code into your website or blog:
It’s a hot spring for state privacy legislation. Privacy bills are pending in roughly 20 states, and while Gramm-Leach-Bliley Act (GLBA) exemptions may act as a cool breeze in some, issues remain:
Some states’ legislation has no GLBA exemption.
Some states’ legislation only contains a data-level exemption, meaning non-GLBA data would be subject to the states’ privacy requirements.
Even those states’ legislation that contains such an entity-level exemption will not insulate insurers from contractual obligations imposed by third parties who are subject to the legislation.
Virginia is the first state to follow California’s lead in adopting comprehensive privacy legislation, but its Consumer Data Protection Act has an entity-level GLBA exemption preventing any direct application to insurers. California, at work again, amended its Consumer Privacy Act (CCPA) by adopting the California Privacy Rights Act (CPRA),
By Aaron Nicodemus2021-05-05T19:40:00+01:00
With the prospect of a federal data privacy law still remote, state legislatures have moved forward with their own versions of California’s Consumer Privacy Act (CCPA).
Ten states are currently considering data privacy legislation: Alabama, Alaska, Colorado, Connecticut, Illinois, Massachusetts, Minnesota, New Jersey, New York, and Texas, according to a tracker from the International Association of Privacy Professionals (IAPP).
Legislation in several states where a privacy law had strong support Florida, Oklahoma, and Washington failed to pass because lawmakers disagreed on enforcement.
The Florida bill, HB 969, would have imposed new disclosure requirements on companies that collect information on customers who use the company’s app or Website. Customers would have the right to access the personal data collected on them, the right to correct that data if it contained errors, the right to delete it, and the right to opt out.
The Securities and Exchange Commission (the “SEC”) requires companies to disclose the most significant factors that make investments in the company speculative or risky. Private.
To embed, copy and paste the code into your website or blog:
On March 2, Virginia passed HB 2307 (Ch. 36) to enact the Consumer Data Protection Act (VCDPA), which becomes effective Jan. 1, 2023. The privacy concepts included in this act are similar to those found in the California Consumer Privacy Act (“CCPA”)/California Privacy Rights Act (“CPRA”) or General Data Protection Regulation (“GDPR”) and uses similarly defined terms such as “consumer,” “controller,” “processor,” and “personal data;” however, the VCDPA puts its own spin on privacy regulation.
Unlike the CCPA/CPRA or the GDPR, the jurisdictional scope of the VCDPA is more limited. The VCDPA only applies to data controllers (a) conducting business in Virginia or producing products or services that are targeted to Virginians, and (b) that control or process personal data of at least: