Privacy Ref Blog

Fifty States, Fifty Laws


The big news lately is that individual states are proposing their own privacy laws. California has the California Consumer Protection Act and now New York and Maine have also proposed laws. There has been discussion of a federal law, however it seems unlikely that any kind of landmark legislation on privacy passes through to be signed. How is a business to be ready for up to 50 different laws?

Many businesses already comply with a multitude of privacy laws. Different countries have vastly different frameworks for these laws, such as how the EU sees privacy as a human right, but the US does not see it as such from a legal standpoint. This means you need to rectify this difference with your policies to meet both requirements. However, this is not as difficult as it seems since the EU in this case is much stricter than the US.

You want to find the strictest and most prescriptive law and use that as the basis for your policy compliance. Focusing on the privacy notice for this example, choose whichever law has the most requirements for the notice to be the baseline. Once you have a list of what is needed to comply with that law, look for other laws with a requirement specific to that law, not being mentioned or called out in the baseline you used. Remember, if a law does not mention something, or has a less strict requirement, complying with a stricter law will comply with that as well.

For example, a law stating you must have consent to send someone an email, but states that implicit consent is fine, would be complied with if you gathered explicit, opt-in consent. By following a more prescriptive regulation, you comply with both laws.

Come 2020, when your boss or the executive board asks what needs to be done to comply with 20 plus privacy regulations, you will know what to do. Keep an eye out on news sites and resources, such as the IAPP or a Google alert you can set for yourself, for what laws are strictest and be ready to establish a baseline before calling out specific requirements.

Privacy Ref provides consulting and assessment services to build and improve organizational privacy programs. For more information call Privacy Ref at (888) 470-1528 or email us at info@privacyref.com

Posted on June 13, 2019 by Ben Siegel


«

No Responses

Comments are closed.


«

Subscribe to our mailing list

Please fill out the form below.

Required

Want to find out more?

Simply go to the contact page, fill out the form, and someone from Privacy Ref will be in touch with you. You can also send an email to info@privacyref.com or call (888) 470-1528.

News

May 31, 2019

We are now offering Privacy Professional Training from the IAPP at our Houston and Nashua offices in addition our Delray Beach location.

Latest Blog Posts

Fifty States, Fifty Laws


The big news lately is that individual states are proposing their own privacy laws. California has the California Consumer Protection Act and now New York and Maine have also proposed laws. There has been discussion of a federal law, however it seems unlikely that any kind of landmark legislation on privacy passes through to be signed. How is a business to be ready for up to 50 different laws?

Continue reading this post...

June 12, 2019

Privacy Comes at a Price
At Apple’s World Wide Developers Conference last week, the message was all about Privacy. Apple has been more privacy-minded than other tech companies – that’s not news and it’s why I have an iPhone. They’ve introduced some interesting privacy features, such as showing location tracking, which I think is pretty cool. I don’t leave my location setting on, rather turn it on when I need directions and then back off. It’s tedious, but I’m not confident that when I’ve turned off location services, apps aren’t tracking me even though I said “no”. Sadly, I don’t think no means no on the Internet. So, I’ll be able to see if I’m right or wrong. Continue reading this post...

Other Recent Posts

PRIVACY REF