Key Takeaways | Let's Look at the Progress: 2023 State Privacy Laws Recap - McDermott Will & Emery
MWE Logo
|

Key Takeaways | Let’s Look at the Progress: 2023 State Privacy Laws Recap

Overview


This has been a busy year for privacy legislation, with dozens of states deliberating consumer privacy bills. Today, 13 states have their own consumer privacy laws, a tally that climbs to 15 if we include the health privacy bills that passed in Washington and Nevada. Despite little progress at the federal level, the US Securities and Exchange Commission finalized rules around cybersecurity, and the Federal Trade Commission maintains its unwavering commitment to privacy enforcement.

In this webinar, David Saunders and Sabrina Guenther Frigo, Associate General Counsel – Privacy & Data Management at CUNA Mutual Group, reviewed the legislative year to explore what might be in store for the future of privacy legislation.

Key takeaways included:

  1. Conducting a close review of the applicability thresholds and definitions of the new and emerging state laws will be important. Companies should consider all their encounters with consumers in a particular state, including through their products, services and website interactions. Documenting this analysis is a helpful exercise to demonstrate to regulators (and to private parties in states like Washington where there is a private right of action) that a certain state’s law does not apply.
  2. The state privacy law model is continuing to evolve as states pass new laws. Newer laws are increasingly moving toward more rigorous requirements (e.g., opt-in consent for use of sensitive personal information). Data protection impact assessment requirements are becoming more detailed, with states drawing upon the requirements of other states’ laws and regulations in drafting their requirements.
  3. Businesses should assess whether the time has come to adopt a national approach to compliance with data privacy laws. With 13 state laws now in effect, companies should seriously consider whether adopting a national approach based on the highest level of compliance is easier than accounting for potentially 20 different state privacy laws by the end of 2024.
  4. Despite the lack of comprehensive privacy rules at the federal level, federal agencies have been actively using their authority to regulate corporate privacy practices. While we are unlikely to see a federal privacy law passed in 2024, we can expect to see federal agencies continuing to exercise their authority in the privacy space.

WEBINAR MATERIALS

Download Slides

Stay Connected

Subscribe Follow Us on LinkedIn Contact Us

Speakers

Sabrina Guenther Frigo, Associate General Counsel – Privacy & Data Management at CUNA Mutual Group

David P. Saunders

Partner | Chicago

View Profile MWE Icon

Dig Deeper

Cambridge, United Kingdom / Speaking Engagements / July 1-3, 2024

Privacy Laws & Business | 37th International Conference

Washington, DC / / May 8-10, 2024

2024 Privacy + Security Spring Academy

Paris, France / McDermott Event / May 30, 2024

New Cybersecurity Challenges (NIS II, CRA, DORA) in the EU and UK

Speaking Engagements / May 9, 2024

Privacy and Security Forum | Using De-Identification to Safely Enable Innovation and Commercialization

Washington, DC / Speaking Engagements / April 3-4, 2024

IAPP Global Privacy Summit 2024

Webinar / McDermott Webinar / March 19,2024

Healthcare Privacy Risks and Enforcement

Get In Touch