In 2020, California passed the California Consumer Privacy Act (CCPA), paving the way for other states to pass similar laws that enhance privacy rights and consumer protection. To date, Virginia and Colorado have enacted their own privacy laws and, just last month, Utah Governor Spencer Cox signed the Utah Consumer Privacy Act (Utah Law). Although these new laws are more business-friendly than CCPA, executive leaders need to strategize and pivot to new practices that will comply with new data privacy laws.
According to Reuters, additional states are expected to pass their own comprehensive privacy laws in 2022 and into 2023. Last month, there were data privacy bills pending in Connecticut, Hawaii, Massachusetts, Minnesota, Oklahoma, and Wisconsin. Overall, there are 22 states with consumer privacy legislation pending. Some of these bills were first introduced in carried over 2021, but many are new and remarkably similar to the California Consumer Privacy Act.
CPO Magazine reported that “[CPRA].. will introduce some other changes for companies that could contribute to added labor and costs. It creates a new category of “sensitive personal information” that covers things like unique identification numbers, financial account information, geolocation, biometric information and health information. This comes with new opt-in and opt-out requirements as well as purpose limitation and disclosure rules, and potentially bigger penalties for not keeping pace with the new standards.”
Business leaders in states where data privacy bills are being enacted should be prepared for how these new laws will affect their risk profile, IT processes and operations burden. And if the U.S. is successful at passing a comprehensive federal privacy law, all business sectors will have to keep pace with both Federal and state regulations.
How can businesses prepare?
With substantial amounts of data being collected and managed, businesses will always have to contend and comply with data privacy laws. As new laws are being developed, a business can prepare by ensuring privacy best practices for their industry and compliance with state and federal laws. One way to preserve privacy and ensure compliance is with TripleBlind.
TripleBlind has created the most complete and scalable solution for privacy enhancing computation. The TripleBlind Solution helps mitigate the risks of sharing data for computation by providing capabilities for protecting data in-use.
TripleBlind allows data users to compute on data as they normally would, without having to “see”, copy, or store any data. Our solution allows data owners full Digital Rights Management (DRM) over how their data is used on a granular, per-use level.
We support all cloud platforms and unlock the intellectual property value of data, while preserving privacy and ensuring compliance with all known data privacy and data residency standards, such as HIPAA and GDPR.
If your company is looking to remain compliant with data privacy laws, schedule a personalized demo with us.