- November 16, 2020
- Tags: Federal, Financial Services, Healthcare, Insurance, Legal, Managed Service Providers, Retail, Software
With an executive administration change looming in Washington, the U.S. government is poised to continue with an uncompromising stance towards consumer privacy and security. The comprehensive privacy statutes that already exist may define a watershed moment for U.S. privacy laws in 2021, especially as it relates to the implementation of emerging technologies.
As digital transformation continues to sweep across industries, local and state governments have begun to table comprehensive data protection and privacy bills for congressional review and potential approval. Most of these data protection and privacy bills include more consumer rights than mentioned in the California Consumer Privacy Act (CCPA), thus placing more obligations on businesses.
Despite the potential changes across all political spectrums in 2020, the United States is on track to enact stronger consumer privacy laws in coming years, with prime attention on emerging, such as artificial intelligence (AI), machine learning (ML), cloud computing, blockchain, dgc. The path to offer stronger consumer protection in the coming years.
Following the implementation of the CCPA on June 28, 2018 in California, several other states have followed suit by passing similar privacy laws, thus giving consumers more rights over their sensitive data. Although many State privacy laws are currently in the processing stages, by 2021 about 34% of U.S. citizens will experience greater rights to control their data.
State Comprehensive Privacy Law Comparison
As seen in the above map, California, Maine and Nevada are States that have taken the lead in passing privacy laws in the United States. The California Consumer Privacy Act (CCPA) contains provisions for consumer rights, such as the Right of Access, Right of Portability, and Right of Deletion. The CCPA also contains business obligations like time-based data breach notification and mandated risk assessments. Interestingly enough, privacy laws passed by Nevada and Maine lack some of these specific provisions in the CCPA.
Furthermore, privacy-related bills currently in its legislative process include the following states: Minnesota, New Jersey, Illinois, Iowa, Maryland, New York, and South Carolina – this is a positive sign for privacy advocates.
Expectations for 2021
As seen in the above discussion, privacy laws are gradually making inroads into the U.S. market, and it would not be long before they become intrinsic to every state in the Union. The following are trends we can expect in 2021 regarding privacy laws:
- State-specific privacy Laws: more states will follow California’s footsteps to pass privacy laws, with provisions that are similar to the CCPA, but with local implementations.
- Voluntary Compliance with Privacy Laws: with more states in the U.S. adopting state-specific privacy laws, businesses will likely opt for a more voluntary compliance framework. Large multinational companies will likely try to impose their Will and influence on lawmakers who review and assess privacy-related bills. Eventually, businesses will retrofit compliance requirements to gain competitive advantage.
- Constitutional Challenges: While some states may pass privacy laws, opponents will argue that these laws impose unnecessary burdens on interstate commerce and constitutional rights. Thus, the road to passing these laws will be filled with challenges requiring dynamic negotiations.
- A Federal Privacy Law: with a potentially-new political majority in Washington, Congress may incorporate principles of CCPA into drafting a federal privacy law in order to birth national uniformity as it relates to data privacy.
- Increased Security Expenditure: Businesses will start investing more in upgrading their security infrastructure, technology, encryption, and training since the California Consumer Privacy Act offers statutory damages in a data breach.
- Increased Automation: Since consumers will take center-stage when the privacy laws are enforced, organizations will switch to digital ways of responding to consumer complaints and requests since the manual processes are more prone to error. Thus, more automated and scalable response programs to handle clients will come into the picture.
With 2020 nearing an end, data privacy and security took center stage with COVID-19 related security incidents impacting every major industry in the United States. As organizations move towards implementing rapid digital transformation measures, policy makers move to strengthen administrative controls, including policies and procedures, aimed at ensuring that consumer data are best equipped to withstand emerging threats in 2021 and beyond. With local and state governments pushing for more autonomy with privacy and security laws, we would likely see the federal government move to impose federal privacy laws that will be challenged on the state level.