A few months ago, Oregon Senator Ron Wyden introduced a federal bill proposing new data privacy standards, along with stiff penalties for companies that failed to meet them. Though it hasn’t made it past a committee hearing, the “Mind Your Own Business Act” is surely a sign of things to come: The movement to enforce consumer data security has arrived in the U.S. Here’s what you need to know.
What to Expect from Data Privacy Legislation in 2020
Senator Wyden’s bill was just one of a series of “discussion drafts” on the topic by federal lawmakers. Add to that new state laws in California, Nevada and Oregon, and proposals in other states like New York, Florida, Massachusetts, Texas and Washington, and 2020 is shaping up to be a groundbreaking year for data privacy.
First CCPA-Related Lawsuit Arrives
The first lawsuit based on the California Consumer Privacy Act (CCPA) has arrived, and, although experts feel that it’s unlikely to go far, they also predict that it “foreshadows” how the law will be prosecuted and helps show “what steps businesses should take to be prepared.”
Nevada Data Privacy Law Also in Effect
In all the commotion over the CCPA, much less attention was given to the fact that Nevada implemented a similar law several months earlier. It isn’t quite as comprehensive as California’s, but it could still have a big impact on businesses operating nationally.
Washington State Introduces Bill Similar to CCPA
The Washington Privacy Act would, like the CCPA, affect all businesses offering services to consumers living in the state. Lawmakers have expressed their hesitation to impose “a new layer of burden” on businesses while “also recognizing that those consumer rights are foundational.”
‘Mind Your Own Business Act’ Targets First-Time Offenders
Even if Senator Wyden’s bill doesn’t pass, it’s likely to serve as a template for future legislation — making it all the more noteworthy that it seeks to implement fines for first-time violators that can be as much as 4% of their annual revenue.
California’s New Data Security Laws Proving ‘Hard to Parse’
The CCPA and the Department of Justice regulations that go along with it add up to about 20,000 words. The proposed California Privacy Rights and Enforcement Act (CPREA, or CCPA 2.0) would add another 22,000 words of data privacy legalese on top of that. For most businesses, that points to the need of enlisting the help of experts in complying with the new laws.