ARTICLE
28 June 2024

It's (Almost) July 1!: Did You Remember Oregon And Texas (And Florida)'s New Privacy Laws?

SM
Sheppard Mullin Richter & Hampton

Contributor

Sheppard Mullin Richter & Hampton logo
Sheppard Mullin is a full service Global 100 firm with over 1,000 attorneys in 16 offices located in the United States, Europe and Asia. Since 1927, companies have turned to Sheppard Mullin to handle corporate and technology matters, high stakes litigation and complex financial transactions. In the US, the firm’s clients include more than half of the Fortune 100.
Explore
As we enter into the heart of the summer there is no time to relax in privacy-land with the next batch of "comprehensive" privacy laws coming into effect on July 1.
United States Privacy
Photo of Liisa M. Thomas
Photo of Kathryn Smith
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

Listen to this post

As we enter into the heart of the summer there is no time to relax in privacy-land with the next batch of "comprehensive" privacy laws coming into effect on July 1. Namely, those in Texas and Oregon (and Florida if you count it as "comprehensive"). These states will join those already in effect in California, Colorado, Connecticut, Utah, and Virginia. (For a recap of effective dates and requirements, visit our tracker.)

For the most part, the Texas and Oregon laws mirror the obligations in other states. They do not provide for a private right of action, and both have a 30 day cure period (although Oregon's sunsets on January 1, 2026). There are, though, a few things to keep in mind for under these new laws:

  • Where other states establish numeric or monetary thresholds, Texas' data privacy law applies to any business in Texas (except for those classified as "Small Businesses" under the Small Business Administration).
  • Texas will join California in requiring specific disclosures if processing sensitive information. Namely, companies that sell sensitive data will need to post the following specific statement. "NOTICE: We may sell your sensitive personal data." The notice needs to appear in the "same manner and location" as where the company posts its privacy policy. (Sale includes the exchange for monetary or other consideration, but not to vendors, affiliates, or if it is needed to provide a product or service to the consumer.) A similar requirement exists if selling biometric data.
  • While providing mostly the same rights as other states, Oregon has slightly different wording for its access rights. Namely, the right is to give consumers, upon request, a list of specific third parties, but this specificity is "at the controller's option."

Finally, as a reminder, the law in Florida is quite narrow, and applicable only to a handful of companies, as we discussed when the law was first passed.

Putting it into Practice: As more states enact privacy laws, companies may want to revisit their privacy programs. Now is a good time to see if they are sufficiently adaptable and expandable in the face of the changing legal patchwork.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Liisa M. Thomas
Liisa M. Thomas
Photo of Kathryn Smith
Kathryn Smith
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More