California’s Consumer Privacy Act (CCPA) has made states truly consider how they expect businesses to handle individuals’ personal information. While the CCPA only protects the rights of California residents, it has inspired many other states to consider passing similar legislation.

With different legislation applying to individual states, businesses that operate across several states will likely have a difficult time complying with each law. As a result, the need for a U.S. federal privacy law is becoming quite attractive to ensure regulatory certainty.

 Update: Proposed U.S. Federal Privacy Laws 

Comprehensive privacy legislation may have taken a back seat to COVID-19 issues. However, several pieces of privacy legislation have attempted to tackle specific privacy issues related to the pandemic, such as contact tracing. While pandemic-related items have taken priority, we should expect comprehensive privacy bills to return shortly.

To keep you informed, here’s the latest update about potential federal privacy laws that might take precedent in the United States in the near future.

COPRA & CDPA

In November 2019, federal legislators proposed a variety of data protection laws. But none made any traction. These proposed laws included the Consumer Online Privacy Rights Act (COPRA) and the United States Consumer Data Privacy Act of 2019 (CDPA).

Both COPRA and CDPA would require entities that process personal data to:

And while very similar, COPRA and CDPA have a few differences as well, including:

Bureau of Privacy

In December of 2019, the House of Energy & Commerce Committee issued a bipartisan discussion draft on federal privacy regulation. If passed, the law would establish a new administration called the Bureau of Privacy within the FTC to enforce the bill.  The discussion draft would enforce:

Online Privacy Act

Proposed to Congress in 2019, the Online Privacy Act focuses on setting out strict requirements for how companies can collect, use, and transfer individuals’ data. Provisions include:

DASHBOARD Act

The Designing Accounting Safeguards to Help Broaden Oversight and Regulations on Data (DASHBOARD) Act would place a number of strict regulations on what it calls “data operators” or companies that have more than 100 million active monthly users. Inside the proposed bill you’ll find:

ADD Act

The American Data Dissemination Act (ADD Act) seeks to provide a nationwide consumer data privacy law that protects both consumers and internet economics, . Requirements under the law would include:

Social Media Privacy Protection and Consumer Rights Act of 2019

As suggested in the name, this proposed law would protect the privacy of users of social media and other online platforms. But it didn’t make it very far. After being introduced in April of 2018, it died once introduced to Congress in January 2019.

Conclusion: A Federal Privacy Law is Inevitable

Federal privacy law isn’t a matter of if, it’s a matter of when. Both Democrats and Republicans in Congress agree it needs to happen. Will it happen in 2020? It’s unlikely. But it will happen. And your business should be prepared to comply.

To prepare for the inevitable, it’s important your business is set up for success. A few ways to prepare include:

  1. Appoint an accountable company staff member to handle data privacy matters
  2. Implement third-party auditing
  3. Train your staff on data protection
  4. Vet vendors and partners thoroughly to ensure they’re as compliant as you

These are just a few of the tips for getting ahead of upcoming regulations. When you’re ready to bulk up your privacy policy, try out a demo of OneTrust Privacy today.