Organizations face a major challenge when trying to keep pace with the constantly shifting regulatory landscape in the US. While the prospects of a federal privacy law are higher than ever before with the American Data Privacy and Protection Act (ADPPA) currently on the House floor, today there is no such law in effect. As a result, the US privacy landscape consists of industry-specific regulations such as HIPAA and GLBA and a patchwork of state-level regulations.
In 2023, the single active US state privacy law, California’s consumer-focused CCPA, will be drastically expanded upon as five new state laws bring more comprehensive requirements into effect. For example, the California Privacy Rights Act (CPRA) will introduce new consumer rights to rectification, update the CCPA’s “Do Not Sell” requirement, and extend consumer rights to employees, among other things. Additionally, across all incoming state privacy laws, a new category of sensitive personal information (SPI) will be defined and different consent requirements for its use will come into play. There are also requirements for privacy risk assessments, data retention and minimization principles, and differing application of the right to opt out, all with varying levels of severity for non-compliance.
Join OneTrust’s US privacy experts for an accelerated US Privacy Masterclass program running from September to November, where we will take a deep dive into the US privacy landscape, consumer and employee rights, privacy risk assessments, and the steps you can take now to not only meet compliance by 2023, but also build a proactive, trust-based privacy program.