Failing to Comply With the Slew of New Data Privacy Laws Can Be Costly to Companies

McGuireWoods LLP
Contact
 

Over the past few years, data privacy and security has been the focus of many state legislatures.  CA, CO, CT, IA, UT and VA have already passed comprehensive data privacy laws. Indiana joined them on May 1, 2023 when the Governor signed the latest consumer privacy bill into law.  Many other states have bills in the legislatures that are likely to become law, including FL, MT and TN (where the bills are awaiting the governors’ signatures).  Though most of these laws apply to businesses that control or process personal data of 100,000 or more residents in each of those states, California’s data privacy law applies to any business that has gross annual revenue of over $25M if it collects the personal data of any California resident, which includes employees and business contacts.

If a business is subject to any of these laws, it must comply with a number of requirements.  Among them, the business must: (i) post a compliant data privacy policy; (ii) provide to consumers, with certain exceptions, various rights (e.g., right to know what is collected, right to correct, right to delete, right to opt-out of sale, etc.); (iii) have compliant agreements with any entity to which it discloses personal data or from which it obtains personal data; and (iv) have appropriate data security measures in place.

If a business does not comply, then it can be subject to administrative or civil action by governmental entities, and in some cases private rights of action by individuals (though this is more limited usually to data breaches). The fines can be pretty steep. For example, under CA law, any business that violates the law shall be liable for an administrative fine of not more than $2,500 for each violation or $7,500 for each intentional violation.

In addition to these comprehensive data privacy laws, various jurisdictions have enacted specific laws on various types of personal data, such as the collection and use of biometric data.  The Illinois supreme court has already opened the door to astronomical damages for failure to comply with that law, about which you can read further here

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© McGuireWoods LLP

Written by:

McGuireWoods LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

McGuireWoods LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide