What is Brief Analysis?
Flagging Favorable/Unfavorable Case Authority
Try AI-Powered Legal Document Review
If you're a litigator, this problem might sound familiar: You have...
We sat down with Alison Manchester, Vice President of Product Management, and Huiling Chen, Principal Product Manager, on the LexisNexis® Shepard’s® team to learn more about the history of...
Case law research is the cornerstone of building (and winning) your case. While precisely and efficiently uncovering the best primary law to support your case isn't an easy task, attorneys know it's...
Legal research is imperative to the practice of law. Depending on where you are in your legal career, there could be multiple reasons to brush up on the basics of legal research. You could be a:
The law is fluid, changing over time with new rulings and precedents. The following case study demonstrates how attorneys are using Shepard’s ® Citator to quickly see how the new Supreme Court...
By David GiustiSenior Manager, LexisNexis® State Net®
The California Consumer Privacy Act (CCPA) sent chills up a lot of spines within corporate legal departments when it was adopted in 2018. This was the first comprehensive, consumer-facing data privacy law passed at the state level, and was widely viewed to be a harbinger of similar state data privacy laws that would soon flood across the nation like a tidal wave.
Nevada, Maine and even some major municipalities toed the water in the immediate aftermath of the adoption of CCPA, though none went nearly as far as the California law. Colorado and Virginia have each come closer since then, but even their laws do not contain the CCPA’s groundbreaking “private right of action” component that allows customers to sue businesses whose carelessness with securing their Personal Identifying Information (PII) leads to a data breach.
Meanwhile, proposed legislation in several states where a privacy law had strong support—Florida, Oklahoma and Washington—failed to pass because lawmakers disagreed on enforcement, according to Compliance Week®. As 2020 drew to a close, there was more confusion than clarity on the trajectory of CCPA-influenced data privacy legislation at the state level.
When the new legislative sessions started in January 2021, the data privacy floodgates opened up again, and in-house legal departments have taken notice. For example, a new Florida privacy measure was passed in that state’s House chamber in April, and the Law360® service reports that the bill is now under intense attack by powerful lobbying groups that argue it is a looming compliance disaster for businesses.
Indeed, “according to the State Net® database, at least 27 states have introduced far reaching consumer data privacy measures in 2021,” according to Rich Ehisen, managing editor of the State Net Capitol Journal™.
Corporate legal professionals have a daunting challenge of keeping up with these numerous state legislative debates across the U.S. And while many of the proposed bills share some basic principles, the details and enforcement mechanisms vary widely from one jurisdiction to another. This presents a real conundrum for in-house counsel to determine what actions should be taken with their corporate data privacy policies when there is so much uncertainty about where state-specific legislation is headed.
Most in-house legal teams appear to have chosen to develop data privacy policies that will comply with the most restrictive state legislation—which is still the CCPA at this point—and thereby maintain a conservative risk management posture that assures compliance with less stringent state laws. Other in-house teams appear to be taking a more agile approach, modifying their policies for individual states in which their commercial interests are sizable enough to justify a bespoke approach to data privacy in that jurisdiction.
Regardless of the strategic approach, all in-house legal teams face the same dilemma: how to walk through the significant compliance challenges posed by the patchwork of data privacy laws that vary from state to state.
Here are six key areas for corporate legal departments to review in their consumer-facing data privacy policies to make sure they are in compliance with CCPA-style legislation under consideration at the individual state level.
There are a number of useful resources available to help corporate legal professionals monitor the progress of data privacy legislation at the individual state level. The International Association of Privacy Professionals U.S. State Privacy Legislation Tracker is an intuitive tool that keeps in-house teams up to date with what is under consideration in various states and what is coming next in those respective processes.
The LexisNexis® State Net® legislative tracking system monitors pending data privacy bills and regulations and local ordinances in all 50 states and the District of Columbia, U.S. territories and select municipalities. For a complimentary State Net data privacy legislation report that you can download, please click here.*