 Your new post is loading...
|
Scooped by
Marteq
|
Texas is one of the many states that looked to be following in the footsteps of California’s enactment of a broad consumer privacy law (the California Consumer Privacy Act), which has far-ranging implications for businesses and consumers. Two comprehensive data privacy bills, HB 4390 and HB 4518, were filed and heard at the last legislative session. HB 4518, also known as the Texas Consumer Privacy Act, proposed overarching consumer protection legislation that closely resembled the California Consumer Privacy Act. HB 4518 stalled in the Texas House of Representatives in favor of HB 4390. HB 4390, also known as the Texas Privacy Protection Act, was introduced as comprehensive data privacy legislation, but was significantly less detailed than HB 4518. HB 4390 went through several rounds of revisions in both the Texas House and Senate until it was whittled down to the final version, which revises the notification requirements of the Texas Identity Theft Enforcement and Protection Act and creates the Texas Privacy Protection Advisory Council in order to develop recommendations for future data privacy legislation. HB 4390 has passed both the Texas House and Senate and is awaiting signature from the governor to be enacted.
|
|
Scooped by
Marteq
|
In Oregon, the legislature expanded its data breach notification statute (ORS §§ 646A.600 et seq.). Oregon’s updated data breach law, which was signed by Governor Kate Brown on May 24, 2019 and goes into effect on January 1, 2020, expands breach notification requirements to cover “vendors,” which it defines as “a person with which a covered entity contracts to maintain, store, manage, process or otherwise access personal information for the purpose of, or in connection with, providing services to or on behalf of the covered entity.” Under the new law, a vendor must notify Oregon’s Attorney General when subject to a security breach affecting the personal information of over 250 Oregon consumers, or when the number cannot be determined. Vendors do not need to notify the Attorney General if the covered entity has already made the notification. Vendors must also notify their business customers of the breach within 10 days – a change from previous language mandating notification “as soon as practicable.” The law also expands Oregon’s definition of personal information to include usernames, but only when combined with authentication factors.
|
|
Scooped by
Marteq
|
1. Establish a baseline
2. Evaluate third-party data providers
3. Avoid retrofitting legacy compliance tools. Seek technologies that enable you to:
• Manage and automate regulatory change monitoring through software or services.
• Apply modern solutions to modern problems.
•Establish predictable return on investment (ROI).
4. Manage regulatory churn by embracing compliance change management.
5. Plan for the future by aligning compliance management with your road map.
|
|
Scooped by
Marteq
|
The Massachusetts State Senate has recently referred a new consumer data privacy bill, S.120, to the Joint Committee on Consumer Protection and Professional Licensure. The Massachusetts law would protect any information relating to an identified or identifiable customer, and would explicitly include biometric information of all kinds into the definition of that protected information. Like the GDPR and CCPA, the Massachusetts law, if enacted, would impose notice requirements relating to the collection and disclosure of personally identifying information, including biometrics. In addition, S.120 includes a proposed private right of action that allows for up to $750 per violation, plus attorneys’ fees, for failure to abide by the law’s notice and collection requirements.
|
|
Scooped by
Marteq
|
We are also continuing to monitor developments in New York, which has proposed a CCPA-like law (S5462). Although the bill has a similarly broad definition of “personal information” and gives consumers the right to request deletion of their data, the bill also introduces new obligations on companies as a “data fiduciary”.
Earlier this year, both Washington (Washington Privacy Act, SB 5376) and Texas (Texas Privacy Protection Act, HB 4390) had introduced CCPA-like bills. Both bills failed to pass during their respective legislative sessions. Several other states still have legislation pending, which we are continuing to monitor.
The possibility of a US federal privacy law is still under consideration in Washington, DC, with the House Energy and Commerce Consumer Protection and Commerce Subcommittee Chairwoman Rep. Jan Schakowsky (D-IL) stating that she hopes to have a draft bill before Congress breaks for its August recess. She indicated that the bill could give the Federal Trade Commission more authority to police data privacy, as well as several features currently in CCPA: the right to amend, correct, and erase their data as well as not have their data used for discriminatory purposes. The topic of whether to include a private right of action is also under discussion.
|
|
Scooped by
Marteq
|
Europe has made its name as the top cop of tech regulation.
The European Commission, the executive arm of the European Union, has imposed a combined $9.5 billion in antitrust fines against Google since 2017, and its boss hints Amazon and Apple might be next in line.
Facebook, meanwhile, has been subject to probes from competition and data protection authorities across the EU since the region’s strict new set of privacy rules called the General Data Protection Regulation (GDPR) went into effect last year.
As U.S. regulators and lawmakers step up their efforts to reign in big tech companies, Europe offers some valuable lessons.
|
|
Marketers must be aware of the state by state legislation protecting consumer data and privacy.
Curated by CYDigital: Delivering Consumers who want to buy from you. https://cyd.digital #zeropartydata #martech