Now is the Time for U.S. Businesses to Review
Their Private Policy on Protecting Consumer Data
July 27, 2021
The obligations and responsibilities of U.S. businesses relating to the protection of consumer’s personal data, are ever changing. Several states are implementing new compliance obligations for businesses. Earlier this year, Virginia passed the Virginia Consumer Data Protection Act, which will become operative on January 1, 2023. Likewise, on July 7th, Colorado signed into law the Colorado Privacy Act to become effective July 1, 2023. Additionally, late last year, California passed the California Privacy Rights Act that will create new compliance obligations in addition to those required by the California Consumer Privacy Act. These obligations also become operative January 1, 2023 for any personal information collected after January 1, 2022.
These state specific obligations, as well as federal privacy regulations, are applicable to the majority of U.S. businesses. U.S based businesses who conduct business in these states, market to consumers in these states, or collect information from consumers who reside in these states, may be subject to these regulations. Based on this broad scope, U.S. businesses that operate an e-commerce website and sell their products throughout the United States or provide an informational website that can be accessed by consumers throughout the United States, must comply with not only federal privacy regulations but also these state specific regulations, if applicable. Non-compliance could result in hefty penalties and reputational damage. Now is the time to:
Establish written agreements with any down-stream entities that process personal data on your behalf.
For questions regarding the obligations of consumer data protection for businesses in Ohio, contact one of the attorneys in the firm’s corporate practice group.