Compliance: Keeping Up with Rapidly Changing Privacy and Security Laws

Robinson+Cole Data Privacy + Security Insider

The pace at which data privacy and security laws are changing continues to move at warp speed. Back in the day, I would keep track of all privacy and security bills in state legislatures and Congress; about 10 years ago, I stopped that practice because many were never enacted.

Now, however, state laws are being enacted at a rapid pace, and it is challenging to keep up, even when it is your job to do so. We spend a lot of time staying on top of newly enacted laws for our clients, but compliance officers/personnel are being overwhelmed with the complexity of being aware of, and complying with, new laws, many of which are obscure.

Take the new Nevada Privacy of Information Collected on the Internet from Consumers Act (NPICICA). First, it’s a really difficult acronym. In this business, one needs to consider an easy acronym to be certain we are all referring to the same law. Second, the Act went into effect on October 1, 2019. It has similar provisions to the California Consumer Privacy Act (CCPA—a much easier acronym), but you don’t see a lot written about it.

NPICICA applies to operators of commercial websites and online services and includes a CCPA-like provision that requires operators to allow users to opt-out of the sale of certain information. This is a privacy law that should be on compliance officers’ radar.

There are other proposed laws in states that are similar to CCPA and go beyond it. There is a rumor that CCPA II will be even more stringent. Another area to consider watching is the activity around the protection of biometric information. I predict the law will start to catch up with the collection, use and disclosure of biometric information, so staying on top of that area is critical.

There are tools, blogs, list serves and news organizations in the industry that can help privacy professionals and compliance officers keep track of rapidly changing privacy laws and regulations, including industry specific compliance requirements. It is very challenging and really is a full-time job. Once you start watching the trends, you can follow and predict them. Suffice to say for now, privacy laws will continue to change rapidly, they will become more stringent, and thinking about how the industry is moving is important for strategic decisions on how you collect, use and disclose data. Having a purpose for the collection and use of data, being transparent in doing so, allowing people to choose how to share their data with you, providing value to employees and consumers for the collection, use and disclosure of data, and how to protect that information are basic considerations when developing a consumer product and service.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.