Editor’s Note: This is the second installment of a multi-part assessment of America’s data privacy status. As complex as the various legislations are, Marc Shull has done a remarkable – and well researched – job of breaking them down for us. You can read the first installment here.
As U.S. State level efforts to pass data privacy legislation subside in the wake of Covid-19, efforts at the federal level on this decidedly bi-partisan issue continue to be introduced into the Senate and House of Representative. Solving this growing problem will be both pro-business and pro-consumer.
Early 2020 looked bright for businesses and consumers alike as momentum was building to provide consumers with greater control of their data privacy and businesses with a single, clear roadmap for compliance. Following a two-year period that saw the EU implement GDPR and the passage of several State level laws in the U.S. there was increasing bi-partisan demand for federal legislation that would provide one set of rules and help keep international markets accessible to U.S. based businesses. But 2020 had other plans, with the global pandemic sidelining or killing nearly all active legislation. Yet as concerns about how contact tracing data might be misused, continuing efforts by foreign actors to influence U.S. elections, and data breaches continue to impact the lives of consumers and the livelihood of businesses, federal data privacy legislation is being proposed by both sides of the aisle.
By Marc Shull
Several national level bills have been introduced in 2020, starting with the Data Protection Act of 2020 introduced by Senator Gillibrand (D-NY) on February 13th and most recently the Safe Data Act by Senator Roger Wicker (R-MS), yet none have made it out of committee. Distracted by the pandemic and the build up to the 2020 election, finding a solution fell by the way side as did notice of a key date for data privacy legislation. On July 1st, 2020, data privacy laws for Maine and California went into enforcement, joining those from Maine and Nevada. As of that data businesses are subject to 4 different State laws on data privacy covering 19.4% of the U.S. population.
To give businesses a better perspective on the data privacy landscape and how it has changed since our last review in March 2020, we take a look at where each state stands on the path to adopting their own comprehensive data privacy legislation.
Legislative Temperatures Have Fallen but Not Consumers
By March of this year four U.S. states had already passed data privacy legislation and another sixteen had bills at various stages in the legislative process. Today ten of the eleven still in process are stalled in committee, including those in states that are usually at the forefront of data privacy such as Illinois and New York. Only Washington, which introduced a new bill in August after failing to pass legislation in the State Senate that had passed the State House, and the California Privacy Rights Act (CPRA) ballot initiative are considered active.
Despite a major decrease in legislative activity, U.S. consumer sentiment on the topic has not decreased. According to research conducted in June 2020, in the absence of legislative requirements, Transcend reported 93% of consumers would switch to a business that prioritized data privacy. Their research also identified a growing trend that brands which fail to provide data privacy rights, such as access, were seen as increasingly untrustworthy (59%) and unethical (44%). In California, where the CPRA is on the ballot, surveys from early October indicate 77% of the population supports more restrictive changes to CCPA that would much more closely align it to GDPR. These figures align with pre-pandemic polling by the Pew Research Center which reported in November 2019 that 75% of U.S. adults say there should be more regulation than there is now, with 81% of Democrats and 70% of Republicans agreeing.
Current Status of Comprehensive Data Privacy Legislation by State
Nearly one in five (19.4%) of U.S. consumers are already protected by data privacy legislation. In fact, thirty U.S. States have taken some action, from assigning task forces to enacting legislation. Even Arizona, which previously announced they would not be pursuing data privacy legislation because “[we] believe a single federal standard for comprehensive consumer data privacy regulation is preferable to a state-by-state approach” introduced data privacy legislation (both are inactive in-committee). Should the federal government continue to fail to pass comprehensive legislation, this will create a scenario where businesses would need to account for multiple of sets of constantly evolving data privacy laws…. in each of fifty States. An unnecessary burden for businesses and a confusing consumer experience. Here is a summarized visual for each State and the District of Columbia:
Data Privacy Legislative Status by State
Temperatures may be cooling as State legislators are pre-occupied with Covid-19 and the ensuing economic effects, but the desires of the people and business community has not abated, nor has efforts by both major political parties to introduce federal legislation. For businesses, the adage “hope for the best, prepare for the worst” applies. Continuing inaction at the federal level will not protect businesses from noncompliance with data privacy laws and as they cover nearly 1 in five U.S. residents, not conducing business in those states is not a viable option for most businesses. Until a clear and comprehensive path to data privacy in the U.S. is established, business should look to adopt their own data privacy strategies that minimize their risk and improves their customers’ experience.
Marc Shull founded Marketing IQ in 2009. Best known for bringing a clear vision to client marketing challenges, Marc brings together the best of marketing’s left-brained analytics and insights with right-brained creative and strategy to develop highly effective marketing solutions. Over the last 20+ years, Marc has worked with businesses ranging from regional non-profits to large multi-national corporations across a diverse set of industries including Visa, Party City, Aetna, Del Frisco’s Restaurant Group, General Mills, Miller Coors, P&G, eBay, Intel, Prudential Capital Group, Polska Grupa Farmaceutyczna, Domino’s, Safeway, and Wal-Mart.
Photo by Martin Sanchez on Unsplash.
