Information privacy is the right of consumers to have some control over how their personal information is collected and used. For businesses, it means the risk of litigation and monetary penalties is high. According to law firm Morrison & Foerster, “Companies will begin in earnest to implement the additional obligations under the California Privacy Rights Act, the Virginia Consumer Data Protection Act, and the Colorado Privacy Act in 2022 to meet the 2023 deadlines for compliance.”
Given growing legislation and litigation, businesses are concerned with proving privacy compliance as a statutory, contractual, and legal requirement. Here are a few critical dates regarding state privacy regulations that may apply to your organization.
JAN 1, 2022
In the fall of 2020, California voters approved the California Privacy Rights Act (CPRA). CPRA expanded the 2019 California Consumer Privacy Act (CCPA).
Effectively the CPRA brings the CCPA up to par with GDPR. The California Privacy Protection Agency (CPPA) won’t fully enforce CPRA until July 1, 2023. However, the new obligations from CPRA will apply retrospectively to data collected on or after January 1, 2022.
JAN 24 – 28, 2022
|
The National Cybersecurity Alliance (NCA) promotes Data Privacy Week 2022! This event convenes data privacy experts from industry, government, and academia for discussions on data privacy. |
As part of the event, the NCA encourages businesses to be transparent about collecting and using customer data. Publicly communicate clearly and concisely what privacy means to your organization and the steps you take to achieve and maintain privacy.
NCA RECCOMENDATIONS for 2022:
July 1 is the deadline for the California Attorney General to adopt CPRA final regulations. The regulations will be enforced by the California Privacy Protection Agency beginning July 2023.
SB 190 will not go into effect unless approved by voters during the general election.
Passed on March 2, 2021, VCDPA defines PI as similar to CPRA California. According to experts, the law has somewhat broader exceptions for the uses of data from which consumers cannot opt out.
Number of State Privacy Bills Introduced 2018 - 2021
In 2022 privacy litigation risk increases, making privacy risk management essential to business resiliency. Companies that already have mature privacy risk programs should have a smooth transition to the new laws coming in 2022-2023. For startups, it is an opportunity to build privacy risk resiliency into your information management system. Begin by conducting a privacy risk-management workshop and assessment.
Truvantis has the experience to examine privacy policies, protocols and procedures the same way regulators and class action attorneys do. Our experienced and accredited team has the competence and expertise to drive effective privacy management in your organization. We have helped hundreds of organizations address the challenges of conveying complex privacy concepts with clear outward-facing documentation.
The landscape of privacy regulations is vast and continuously evolving. Truvantis can help you select and track which requirements are applicable. We can help build a solid central privacy risk-management program. A single program to support the entire matrix of international, federal, and rapidly changing state laws and regulations.
We help your organization take an organized and prioritized approach to your privacy program.
Ready to move forward? Contact Truvantis for more information and to start your pre-audit consultation.