FTC Defense Lawyer Discusses Recent Privacy Legislation
The Report also notes key trends, such as data breach disclosure obligations, a trend that expands the definition of “personally identifiable information” and the California Consumer Privacy Act of 2018.
According the Report, California ranked number one. No surprise. California is a leader when it comes to cutting-edge new media legislation, and privacy and data security is no exception.
The recently enacted California Consumer Privacy Act is the first-of-its-kind data privacy law. It implements GDPR-like restrictions and provides consumers with greater control over how their personal information is collected, stored and sold. The legislation becomes effective in 2020 and provides consumers the right to know what information is being collected and how it is shared.
Consumers will have the right to request a business to disclose the categories and types of personal information collected, the sources from which that information is collected, the business purposes for collecting or selling the information and the categories of third-parties with which the information is shared. It also provides consumers the right to request deletion of personal information.
The Report also considered California’s Electronic Communications Privacy Act that protects all residents’ cloud data, metadata, emails, text messages, and other types of data.
Delaware and Utah ranked second and third, respectively. Delaware is amongst a small handful of states that have enacted legislation addressing online privacy policies. The Report notes that Utah is one of two states that prevent ISPs from sharing user data with third-parties with consent.
Illinois, Arkansas, New Hampshire and Vermont received honorable mentions. Vermont recently enacted the nation’s first legislation that regulates data brokers that buy and sell personal information. Amongst the law’s numerous requirements, data brokers are required to register annually with the Vermont Attorney General and pay an annual registration fee. The registration and data security obligations take effect January 1, 2019, while the other provisions of the law have already taken effect.
Interestingly, according to FTC defense lawyer Richard B. Newman, Colorado failed to crack the top spots despite recently enacting groundbreaking privacy and cybersecurity legislation. The new law requires covered entities to implement and maintain reasonable security procedures, dispose of documents containing confidential information properly, ensure that confidential information is protected when transferred to third-parties, and notify affected individuals of data breaches in the shortest time frame in the nation. The new law becomes effective on September 1, 2018.
The Report ranks Wyoming, Mississippi, South Dakota and Alabama as the “worst” when it comes to online privacy.
This topic should be of interest to digital marketers and companies that are faced with a state or federal regulatory investigation or enforcement action.
View the Report, here.
Richard B. Newman is an FTC advertising compliance and defense lawyer at Hinch Newman LLP. He represents internet marketers and advertisers, advises on national direct marketing campaigns, defends regulatory enforcement actions and investigations, and advises on privacy and data security matters. Contact him via email at email@example.com, Follow him on LinkedIn.
Informational purposes only. Not legal advice. Previous case results do not guarantee similar future result. Hinch Newman LLP | 40 Wall St., 35th Floor, New York, NY 10005 | (212) 756-8777.