Or visit our Training & Support Center for how-to videos, product demos, FAQs, and more.
Please visit our Training & Support Center or Contact Us for assistance
By Catriona Collins
Intellectual property assets long ago supplanted physical assets as the most valuable components of the typical corporate balance sheet. A recent analysis of the 500 largest public...
By Scott M. Tayne
In-house counsel at many U.S. companies are preparing for intensified federal regulatory activity under the Biden administration compared to their experience in recent years. One federal...
By David Giusti Senior Manager, LexisNexis® State Net ®
The California Consumer Privacy Act (CCPA) sent chills up a lot of spines within corporate legal departments when it was adopted in 2018...
By Elias Kahn
Millions of Americans are now headlong into the process of returning to their respective workplaces after nearly 18 months of pandemic-required lockdowns and business disruptions. One of...
By Meg Vernal and Caroline Yoon
In-house legal departments are reporting an increase in corporate transactions as the global economy rebounds from the pandemic-induced reduction in M&A activity,...
By David GiustiSenior Manager, LexisNexis® State Net®
The California Consumer Privacy Act (CCPA) sent chills up a lot of spines within corporate legal departments when it was adopted in 2018. This was the first comprehensive, consumer-facing data privacy law passed at the state level, and was widely viewed to be a harbinger of similar state data privacy laws that would soon flood across the nation like a tidal wave.
Nevada, Maine and even some major municipalities toed the water in the immediate aftermath of the adoption of CCPA, though none went nearly as far as the California law. Colorado and Virginia have each come closer since then, but even their laws do not contain the CCPA’s groundbreaking “private right of action” component that allows customers to sue businesses whose carelessness with securing their Personal Identifying Information (PII) leads to a data breach.
Meanwhile, proposed legislation in several states where a privacy law had strong support—Florida, Oklahoma and Washington—failed to pass because lawmakers disagreed on enforcement, according to Compliance Week®. As 2020 drew to a close, there was more confusion than clarity on the trajectory of CCPA-influenced data privacy legislation at the state level.
When the new legislative sessions started in January 2021, the data privacy floodgates opened up again, and in-house legal departments have taken notice. For example, a new Florida privacy measure was passed in that state’s House chamber in April, and the Law360® service reports that the bill is now under intense attack by powerful lobbying groups that argue it is a looming compliance disaster for businesses.
Indeed, “according to the State Net® database, at least 27 states have introduced far reaching consumer data privacy measures in 2021,” according to Rich Ehisen, managing editor of the State Net Capitol Journal™.
Corporate legal professionals have a daunting challenge of keeping up with these numerous state legislative debates across the U.S. And while many of the proposed bills share some basic principles, the details and enforcement mechanisms vary widely from one jurisdiction to another. This presents a real conundrum for in-house counsel to determine what actions should be taken with their corporate data privacy policies when there is so much uncertainty about where state-specific legislation is headed.
Most in-house legal teams appear to have chosen to develop data privacy policies that will comply with the most restrictive state legislation—which is still the CCPA at this point—and thereby maintain a conservative risk management posture that assures compliance with less stringent state laws. Other in-house teams appear to be taking a more agile approach, modifying their policies for individual states in which their commercial interests are sizable enough to justify a bespoke approach to data privacy in that jurisdiction.
Regardless of the strategic approach, all in-house legal teams face the same dilemma: how to walk through the significant compliance challenges posed by the patchwork of data privacy laws that vary from state to state.
Here are six key areas for corporate legal departments to review in their consumer-facing data privacy policies to make sure they are in compliance with CCPA-style legislation under consideration at the individual state level.
There are a number of useful resources available to help corporate legal professionals monitor the progress of data privacy legislation at the individual state level. The International Association of Privacy Professionals U.S. State Privacy Legislation Tracker is an intuitive tool that keeps in-house teams up to date with what is under consideration in various states and what is coming next in those respective processes.
The LexisNexis® State Net® legislative tracking system monitors pending data privacy bills and regulations and local ordinances in all 50 states and the District of Columbia, U.S. territories and select municipalities. For a complimentary State Net data privacy legislation report that you can download, please click here.*
Or Please, visit our Training & Support Center to watch
videos, practice demos, walkthroughs, Q&As, and more..