While the United States still doesn’t have any federal privacy laws related to personal data, several new data privacy laws will be enacted at the state level in 2023. With Data Privacy Day right around the corner, now is an ideal time to talk about all the changes going into effect in the new year—especially the new California data privacy law.
We’ll cover what you need to know about the upcoming U.S. data privacy laws and how to prepare.
What Business Owners Need to Know About the Upcoming U.S. Data Privacy Laws
While U.S. lawmakers work to pass federal online privacy legislation, like the UPDPA, some states are taking data privacy into their own hands. In 2023, the following data privacy laws are going into effect in California, Colorado, Connecticut, Virginia, and Utah:
- The California Privacy Rights Act (CPRA)
- Virginia Consumer Data Protection Act (CDPA)
- Colorado Privacy Act (CPA)
- Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTPDA)
- The Utah Consumer Privacy Act (UCPA)
Each of these laws is slightly different, but they all aim to offer protection regarding their citizens’ online privacy. If you do business or have customers in these states, it’s important to make sure your business is ready for the transition.
If you already prepped your business when the CCPA rolled out, chances are you’re ahead of the pack. In many ways, the CCPA laid the groundwork for more legislation in the United States to follow.
What Is the CCPA?
The California Consumer Privacy Act (CCPA) is a law passed in 2018 that grants California residents certain rights when it comes to their data, including:
- The right to access their personal information
- The right to know what info is being collected about them
- The right to have their information deleted
- The right to opt out of having their personal information sold
The CCPA also requires organizations to provide notice of what information they’re collecting and how they intend to use it.
Who Does the CCPA Apply to?
The California Consumer Privacy Act (CCPA) affects any for-profit business which collects, stores, and sells the personal information of California residents. It applies to companies of any size unless they’re exempt under the law.
Businesses that collect and sell the personal information of fewer than 50,000 California consumers, households, or devices are exempt from the CCPA. Additionally, specific nonprofit organizations, healthcare providers, and employers are exempt from the CCPA.
Keep in mind that the CCPA is just the earliest of the data privacy laws. With all the new legislation coming into effect in 2023, it’s critical for organizations to prioritize data privacy like never before.
5 Steps Your Business Should Take to Prepare for the Changing Data Privacy Laws in the U.S.
Instead of fighting against the changing landscape, be proactive and take the following steps to ensure you’re compliant and giving consumers what they want:
Step 1: Understand Your Existing Data Processing Procedures
Review your current data to find out what kind of sensitive personal data and profile usage your organization is currently processing. Then, check your data and collection processes against the new requirements to determine the impact of new state privacy laws and identify any areas that need improvement.
Step 2: Establish Rights for Individuals
Review your privacy notices and vendor contracts to reflect new role designations and contractual requirements. Be sure to update your privacy policy on your website now, and continue updating it regularly as the landscape or your business practices change. On the topic of vendors, perform a risk assessment of vendors that have access to sensitive personal information. This includes your existing partners and those you hire in the future.
Step 3: Create Consent and Opt-Out Options
Make sure you have opt-out systems in place for your new consumer rights (e.g., Profiling, Do Not “Sell,” Do Not “Share,” Do Not Use “Sensitive PI,” Do Not Use “Automated Decision-Making”) and make appropriate alterations to websites, apps, and related online properties.
Step 4: Update Your Internal Policies
It’s also important to translate all these changes inside your organization. Modify your internal policies to follow the revised and new consumer rights and train your team accordingly. For example, let staff know what information they can and can’t collect and how to respond to requests for personal data.
Step 5: Look for Ways to Improve
Take time now to pinpoint areas where you can further enhance consumer privacy without harming your results. For example, consider updating your marketing strategy to prioritize privacy or shifting to zero-party data. Even small improvements, like heightening your cybersecurity measures, can go a long way toward instilling customers’ trust in your organization.
Get Yourself Ready for Data Privacy Day
In short, the CCPA was just the beginning. Expect more data privacy laws ahead, with California, Colorado, Connecticut, Virginia, and Utah leading the way by launching new legislation next year.
As a business owner, it’s essential to take the steps needed to ensure your organization is up to date with these laws and protect the personal data of your customers. Data Privacy Day — the annual international event designed to raise awareness around the importance of protecting personal information and reminding individuals to take steps to protect their privacy — is the perfect time to do it.
At LeadLander, we’re already prepared for these changes, and we’re helping our customers continue to access the valuable data they need while still protecting their prospects’ privacy. Sign up for your 14-day trial now.