How to Navigate the Changing Landscape of Data Privacy Laws

If you play, work, or do business on the internet, data privacy laws are probably not new to you.

Before 2018, there was the Children’s Online Privacy Protect Act (COPPA), Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach Bliley Act (GLBA) — each aimed at specific demographics and consumers. But from 2018 onwards, the General Data Privacy Regulation (GDPR) shifted the consumer privacy landscape to focus on the general population of online consumers. 

With more and more laws going live each year — five U.S. states went live with data privacy laws in 2023 and the SEC recently provided cybersecurity mandates for public companies — the landscape is shifting to a more data privacy-conscious one. There are dozens of regulations to keep track of, and if your company manually updates contracts to comply with regulations, you may have a hard time keeping up.

There’s a lot to always keep top of mind, and it can quickly become overwhelming. But we have your back. Here’s what you need to know about navigating the changing landscape of data privacy laws. 

Data privacy laws in the U.S.

While there have been several attempts to enact one, the U.S. doesn’t have a comprehensive data privacy law. Still, five states across the country have data privacy laws that have gone or will go live in 2023. These are:

• California Privacy Rights Act (CPRA)
• Virginia Consumer Data Protection Act (VCDPA)
• Colorado’s Privacy Act (CPA)
• Utah Consumer Privacy Act (UCPA)
• Connecticut Data Privacy Act (CDPA)
  
  

Four more states to add data privacy laws

Between 2024 and 2026, four more states will enact data privacy laws. These include:

• The Indiana Consumer Data Protection Act (ICDPA), which goes live in 2026.
• Washington’s My Health, My Data (MHMD), which takes effect in 2024
• Montana’s Consumer Data Privacy Act (MCDP), which will be enacted in 2024
• Tennessee Information Protection Act (TIPA or Tennessee Law), which goes live in 2025.

The fact that more U.S. states are getting aboard the data privacy train shows that state regulators are turning more of their focus towards data privacy and protection.

Additional data privacy laws: Data Care Act of 2023 and Online Privacy Act of 2023

Even though the U.S. doesn’t have a federal data privacy law, the Data Care Act and Online Privacy Act of 2023 are proposed bills that aim to protect U.S. citizens’ online data privacy. 

The Data Care Act (DCA) would require online providers to do their best to secure private data, notify consumers of breaches, and disclose when a consumer’s data is being used. Similarly, the Online Privacy Act (OPA) is similarly aimed at protecting consumers’ online data by putting limits on companies. This is proposed to be the “legislative floor” so that any other law coming up after this will only improve on the OPA.

LinkSquares makes compliance easier

Going it alone is scary, especially if this is unfamiliar territory. But LinkSquares CLM can help pave the way and make the journey smoother. In addition to providing centralized storage for all your agreements, our platform allows you to identify high-risk agreements, search contracts that meet specific criteria, and flag agreements with inconsistent terms. 

You can also make updates and changes quickly and cause minimal disruption, and save updated terms as templates. LinkSquares is your partner in compliance, and we have your back throughout all these changes.

Takeaways

As the landscape of data privacy laws shifts in the U.S., it’s important for affected companies to regularly update their contracts to ensure compliance with regulations. This means tracking regulations, understanding your risk profile, and running contract audits so you can stay ahead of potential threats. See how LinkSquares can help you track affected contracts and navigate this constantly changing landscape. Contact us today.