In a recent In-House Connect webinar titled “The Data Privacy Landscape Today and Tomorrow: What In-House Counsel Need to Know,” Porzio, Bromberg & Newman thought leaders Fred Brunetti and Phoebe Klewley discussed the current state of data privacy regulations and what businesses should be aware of moving forward.
Here are the top five takeaways from the event:
- Comprehensive data privacy laws are on the rise
With the introduction of the GDPR in 2018 and the CCPA in California, there has been a shift towards comprehensive data privacy laws that cover a wide range of data and afford certain rights to consumers. As of 2023, eight states have enforceable comprehensive data privacy laws, and nearly 60 privacy laws were considered by legislatures.
- Understand the scope and applicability of state-specific laws
Each state has its own set of privacy laws and regulations, with varying thresholds for compliance based on factors such as annual revenue, number of consumers, and data processing activities. Companies need to assess whether they fall within the scope of these laws based on their specific context and operations.
- Integrate privacy into existing compliance infrastructure
Organizations should proactively prevent privacy instances by leveraging existing compliance infrastructures and understanding the flow and processes of personal data collection and usage across different departments. Providing transparency, notices, consents, and opt-out options in data collection and processing is crucial.
- Adopt a principle-based approach to privacy compliance
Transparency, accountability, and notice are essential elements of a principle-based approach to privacy compliance. Organizations should institutionalize privacy as part of everyday business practices and address outwardly noticeable aspects such as privacy statements, policies, trackers, data processing agreements, and the use of AI tools in privacy policies.
- Stay informed about upcoming regulations and unique state requirements
With the constantly evolving privacy landscape, it’s essential for in-house counsel to stay informed about upcoming regulations and unique state requirements. For example, Colorado and New Jersey are implementing universal opt-out mechanisms, while Tennessee offers an affirmative defense based on following NIST guidelines for privacy.
By understanding the current data privacy landscape and adopting a proactive, principle-based approach to compliance, in-house counsel can help their organizations navigate the complex web of state-specific regulations and protect consumer data rights.
Did you miss the session? You can watch it now via IHC On-Demand!