New Data Privacy Requirements, But Do They Apply to Your Business?

Smart Summary

  • Many states have begun enacting their own comprehensive data privacy laws, and they may apply to businesses located outside of those states.
  • The most common requirement is that a business have an updated privacy policy in place.
  • Triggers for compliance range from customer geography, storage of customer information, utilization of website tracking tools (like cookies), data sharing, and more.

Data privacy laws vary from state to state, and in the last few years alone thirteen states have passed comprehensive data privacy laws of their own. Of those thirteen, eight are already effective or go into effect this year!

But there is no need to panic. Our team is already deeply immersed in these evolving requirements and is working closely with clients to review their business activities, determine if or how these new laws impact their businesses, and understand what requirements these states might impose upon businesses now and in the future.

So far, one of the most common requirements is that businesses have in place a privacy policy that is updated. By way of example, the CCPA requires updates at least once every 12 months. Many of our clients already have a privacy policy in place, but it may be time for a review if your business has not touched it in the last 12 months. If you do not have a current or any privacy policy, we encourage you to contact us to determine requirements you may not be meeting.

Not sure whether you are subject to any of the recent changes? Below are several questions we encourage you to ask yourself.

  • Are any of my employees, job applicants, or contractors California residents?
  • Do I have customers in California, Colorado, Connecticut, Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, Virginia, the UK, or the European Union?
  • Even if I do not have customers in those areas, do I market to individuals located in those areas or residents of those areas?
  • Does my business’s website utilize tracking tools (like Google Analytics) or cookies, pixels, or other tags to help me better understand my site visitors or for other purposes?
  • Does my business website share visitor data or other personal information with third parties (i.e. for the purpose of marketing to those visitors)?
  • Can visitors to my website directly manage the cookies they are subject to?

If you answered to yes to any of these questions, it’s a good idea to reach out to understand the latest changes in privacy laws that impact you and your business.

We’ve also included a quick assessment that you can take if you’d like to open a conversation about your obligations. One of our privacy and data security attorneys will respond promptly to discuss.