View from Peter Lancos, CEO
"The latest edition of the Global Data Diaries series reveals that, even in the absence of Federal legislation, there appears to be a growing convergence of privacy law among several American states. This started in the State of Virginia which recently implemented the Consumer Data Protection Act (VCDPA). The VCDPA breaks new ground in U.S. privacy law by requiring consent to process “sensitive data” – a term that includes precise geolocation data; genetic or biometric data used to identify a person; and data revealing race or ethnicity, religious beliefs, health diagnosis, sexual orientation, or citizenship or immigration status. Following in the footsteps appear to be Florida and New York, with their own Privacy and Cybersecurity Laws, further showing the USA's dedication to taking the issue of protecting consumer data privacy seriously."
Virginia passes Comprehensive Data Privacy Law
Following on from the news featured in the GDD on 19th February, Governor Ralph Northam has now signed the Virginia Consumer Data Protection Act (VCDPA) into law, making Virginia the second state to enact comprehensive privacy legislation. Companies now have the next 22 months to prepare for the VCDPA and the California Privacy Rights Act (CPRA) to go into effect.
Florida to follow in California and Virginia's footsteps with new Data Privacy Legislation
According to JDSupra, Florida is currently considering a data privacy legislation that would require businesses to implement comprehensive policies and procedures to provide privacy rights to consumers. The proposed legislation is expected to mirror the California Privacy Rights Act (CRPA). If passed it would become effective on January 1, 2022.
New Developments in New York’s Privacy and Cybersecurity Laws
The New York Law Journal has a summary of recent developments in the state's privacy and security laws. The state has, with California, been a leader in US cybersecurity regulation. In New York's case, it's legislative and regulatory activity has been most closely focused on the financial services industry, which is appropriate given the state's prominence in that sector.
US Congress considers new breach laws and cloud procurement policies
A senior Democratic lawmaker said there is a growing appetite for a new federal cybersecurity breach notification law in the wake of a sprawling series of digital intrusions blamed on the Russian government.
The comment, made by Mississippi Representative Bennie Thompson, the chairman of the House's Homeland Security Committee, comes as cyber security executives are faced their second round of congressional questions over their companies' roles in the breach centred on Texas software company SolarWinds.