Between April 1st and July 1st, 5 additional states passed comprehensive data privacy laws: Kentucky, Nebraska, Rhode Island, Maryland and Minnesota, bringing the total number of such laws to 18. And with 13 additional states1 actively considering legislation, we could likely see more than half of the states regulating data privacy by the close of 2024.
Meanwhile, at the federal level, legislators continue to grapple with efforts to pass a uniform privacy law, currently known as The American Privacy Rights Act of 2024. Although this legislation is still a long way from completion, its passage is expected to dramatically impact compliance efforts by creating uniformity across various data privacy obligations.
Until such time, it is recommended that compliance efforts remain focused on meeting the most stringent of applicable state requirements, rather than trying to satisfy varying requirements, processes and procedures for each state in which a company does business. An overview of the key provisions of each state privacy law currently in effect can be found here.
Footnote
1 Georgia, Hawaii, Illinois, Maine, Massachusetts, Michigan, Missouri, New York, North Carolina, Ohio, Pennsylvania, Wisconsin and West Virginia.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.