While security and privacy legislation at the federal level is lost in a morass of partisan politics and corporate lobbying delays, states have been moving ahead to push through an impressive number of important bills that help fill in the gaps. A search of the Legiscan database reveals that hundreds of bills that address privacy, cybersecurity and data breaches are pending across the 50 states, territories and the District of Columbia.
The most comprehensive piece of state-level legislation across these often-intertwined categories from the past two years is the sweeping California Consumer Privacy Act (CCPA), enacted and signed into law on June 28, 2018. Inspired by the EU’s groundbreaking General Data Protection Regulation (GDPR), the legislation aims to give the state’s consumers greater control over how businesses collect and use their personal data.
The CCPA is slated to take effect on January 1, 2020, giving those who believe the bill was too broad or too narrow time enough to limit or expand its scope. So far two bills have been introduced in the California Assembly to expand the scope of CCPA, while nine draft bills seek to limit its impact.
In the sections below, we summarize the current provisions of the CCPA, along with other major pieces of state legislation that have been recently enacted and signed into law. Each of these recently adopted measures in its own way significantly impacts privacy, data security, cybersecurity or data breach notification requirements in the respective states.
- California Consumer Privacy Act (CCPA)
- Nevada Senate Bill 220 Online Privacy Law
- Maine Act to Protect the Privacy of Online Consumer Information