The United States continues to suffer from the absence of a federal data privacy and breach law.  Congress has tried for years to broker a deal here but has never been able to overcome strong lobbying forces — whether its high-tech, trial lawyers, law enforcement or other gadflies, the public continues to suffer.

Instead, global businesses face a real mess, tracking data privacy laws state-by-state, with the most stringent state’s becoming the de facto standard. 

California is usually a standard-bearer in this equation. California is poised to become the 4th largest economy in the world, surpassing Germany.  So, what California does, has a real impact on the US economy and in the global economy.

California first enacted in 2018 the California Consumer Privacy Act (“CCPA”).  California citizens wanted more regulation of data privacy.  So, in November 2020, they passed Proposition 24, The California Privacy Rights Act (“CPRA”), which created a new California Privacy Protection Agency (“CPPA”) and authorized the CPPA and 62 state district attorneys to enforce the law. 

California is not the only data privacy actor in the state law arena.  Virginia, Colorado, Utah, Iowa and Connecticut have new data privacy laws that have gone into effect, and more are on the way in 2024 — Montana, Tennessee and Texas. While these laws are similar, each has their own spin on specific issues. To avoid this mess and line-drawing across the map, many companies are just applying the most stringent set of laws and regulations for “peace of mind.”

in this Episode, Michael Volkov reviews the California data privacy law and developments in other states on the same issue.