The pace at which data privacy and security laws are changing continues to move at warp speed. Back in the day, I would keep track of all privacy and security bills in state legislatures and Congress; about 10 years ago, I stopped that practice because many were never enacted.
Now, however, state laws are being enacted at a rapid pace, and it is challenging to keep up, even when it is your job to do so. We spend a lot of time staying on top of newly enacted laws for our clients, but compliance officers/personnel are being overwhelmed with the complexity of being aware of, and complying with, new laws, many of which are obscure.
Take the new Nevada Privacy of Information Collected on the Internet from Consumers Act (NPICICA). First, it’s a really difficult acronym. In this business, one needs to consider an easy acronym to be certain we are all referring to the same law. Second, the Act went into effect on October 1, 2019. It has similar provisions to the California Consumer Privacy Act (CCPA—a much easier acronym), but you don’t see a lot written about it.
NPICICA applies to operators of commercial websites and online services and includes a CCPA-like provision that requires operators to allow users to opt-out of the sale of certain information. This is a privacy law that should be on compliance officers’ radar.
There are other proposed laws in states that are similar to CCPA and go beyond it. There is a rumor that CCPA II will be even more stringent. Another area to consider watching is the activity around the protection of biometric information. I predict the law will start to catch up with the collection, use and disclosure of biometric information, so staying on top of that area is critical.
There are tools, blogs, list serves and news organizations in the industry that can help privacy professionals and compliance officers keep track of rapidly changing privacy laws and regulations, including industry specific compliance requirements. It is very challenging and really is a full-time job. Once you start watching the trends, you can follow and predict them. Suffice to say for now, privacy laws will continue to change rapidly, they will become more stringent, and thinking about how the industry is moving is important for strategic decisions on how you collect, use and disclose data. Having a purpose for the collection and use of data, being transparent in doing so, allowing people to choose how to share their data with you, providing value to employees and consumers for the collection, use and disclosure of data, and how to protect that information are basic considerations when developing a consumer product and service.