The topic of data privacy seems to be on everyone’s lips these days, not just among data privacy experts but increasingly in the mainstream media covering privacy laws in the US. There have been talks of a comprehensive national law, while individual states are currently passing state data privacy laws. The invalidation of Privacy Shield as a means of international data transfer has also driven conversations, and the media is always discussing the latest data breach and the number of records with personal information lost.
Against this backdrop, businesses are struggling to achieve and maintain compliance with the laws and regulations; ultimately it is the citizen – the data subject – who pays the price.
It is fairly easy to contrast and compare the US against the European Union and the member countries. And by comparing where the EU is today with data privacy, one can assume that the US will arrive at the same position, something like GDPR as a national privacy law.
The US has 50 states that have their individual governing bodies and laws. The EU has individual countries with governing bodies and laws. With the formation of the EU, inter-country commerce was greatly facilitated – one currency, free-flowing borders – which has always been the case in the US. The EU passed a comprehensive data protection law, the GDPR, while the US is passing a series of state privacy laws that have similarities, but also differences.
As of this writing, the following states have passed/signed comprehensive privacy laws in the US:
- California
- Colorado
- Virginia
- Utah
- Connecticut
And there are a further 12 states that have active legislation in process.
For companies that process personal data and want to be compliant, the myriad of laws and nuances to them all is creating headaches for compliance, legal and privacy teams. For companies that are based, or do business, in the US, the need for national legislation is becoming more and more critical as each state passes its own laws.
Having a national law would have an immediate impact on businesses’ ability to achieve and maintain compliance. It would also be a huge advantage for individual data subjects to know what their privacy rights are. If we look at what the EU has accomplished and all of the benefits to the citizens as well as the business benefits, one can only imagine that it is just a matter of time, hopefully sooner and not later.
It is important to note that, no matter what privacy laws in the US are passed or regulations an organization is attempting to achieve compliance with, a major factor is understanding what personal data the organization processes and where that data is located. Tealium, the world’s most trusted CDP, enables organizations to achieve this, and more.
To learn more about the way that CDPs support companies managing privacy laws in the US and around the world, download our 2022 State of the CDP Report.