Managing Compliance with the Growing Patchwork of State Privacy Laws
Over the past four years, U.S. companies have been forced to expand their compliance programs to comply with an expanding array of international and U.S. state privacy laws. The wave of privacy laws began in May 2018, when the General Data Protection Regulation (GDPR) became effective, triggering new compliance obligations for U.S. companies with operations in the European Union. On the heels of the GDPR, other countries such as Brazil, Australia, India, Canada and China passed or expanded new privacy legislation, further expanding the scope of privacy compliance for U.S. multinationals.
In the U.S., there has likewise been a creeping expansion of state privacy laws. In 2020, the California Consumer Privacy Act (CCPA) became effective, triggering new legal requirements for U.S. companies that conduct business in California and generate yearly revenues of greater than $25,000,000. Other states, such as Nevada, Utah, and Maine, have since passed smaller less comprehensive privacy laws.
Read the full article here.