The California Consumer Protection Act has gotten a lot of attention recently and rightly so. It is, however, just one of a number of US state privacy legislation initiatives that have either recently been passed or is under consideration.
Consider the Maine Act to Protect the Privacy of Online Consumer Information. This law requires that ISPs obtain explicit consent, an opt-in, from customers to sell their personal data. I’d suggest this is stricter than CCPA in that CCPA requires a customer to opt-out of selling their data. The Maine law as been passed and signed. It goes into effect July 1, 2020.
Now consider the New York State Privacy Act. While similar to CCPA, this bill, currently in review by the State Senate Consumer Protection Committee, requires a business to become a data fiduciary, putting customer’s privacy ahead of profits. While in Albany last week, the scuttlebutt was that the bill is expected to pass this summer.
There are several other states considering new privacy legislation. All of them may require some changes to your business practices as well as to your privacy notice. While everyone is talking about CCPA, don’t get distracted by that shiny object and miss the other requirements that may need your attention.