The demand for data privacy in the United States continues to heat up with movement at the state and national levels. On February 14th, 2020 the Washington state Senate passed a comprehensive data privacy bill which now moves on to the state House. One day earlier the most recent effort to establish a national data privacy law was introduced in the U.S. Senate. Polling shows there is a high level of bi-partisan support and also has the support of many key business leaders, yet there should be no assumptions that the latest national bill introduced by Senator Gillibrand (D-NY) will come to a vote as politicians are focused more on reelection than an issue that will not help distinguish them from their rivals. To give businesses a better perspective on the data privacy landscape, we take a look at where each state stands on the path to adopting their own comprehensive data privacy legislation.
Temperatures Are Rising
In the absence of an overarching national data privacy law, states continue to enact their own legislation with 16 more with bills at various stages on the path to joining Nevada, Maine, California, and New York. With widely varying requirements, the stage has been set for businesses and marketers to be left to fend for themselves in a legal environment where it will soon become impossible to not be in violation of some set of conflicting laws. Even California and New York, which have already enacted significant data privacy legislation are in the process of adopting additional laws strengthening those already on the books, creating a very fluid legal environment. Arizona, the only state to officially announce they will not be pursuing data privacy legislation because “[we] believe a single federal standard for comprehensive consumer data privacy regulation is preferable to a state-by-state approach”.
The United States has always been a bit of the wild wild west when it comes to data privacy. While there have been some federal laws to address things like financial services (FCRA), the protection of minors (COPPA), and medical (HIPAA), the laissez-faire mentality has otherwise been alive and well. According to Tech Crunch, the U.S. is in dubious company with Libya, Syria, Sudan, and Venezuela as one of the few countries in the world without national data privacy legislation. In March 2018 Alabama barely “won” the race against South Dakota to be the last state to adopt any kind of data breach notification law, opting for a relatively weak law that allows organizations to opt out of direct notice if it is too expensive to do so, or if more than 100,000 individuals are affected. This has not appeased residents or businesses.
Data privacy is in the best interest of U.S. residents and the business community, and has strong support from both groups, a rarity these days. Recent polls also show it to be a bi-partisan issue as the Pew Research Center reported in November 2019 that 75% of U.S. adults say there should be more regulation than there is now, with 81% of Democrats and 70% of Republicans agreeing. 70% of U.S. adults feel their data is less secure than it was 5 years ago, and 57% say they follow privacy news “very” or “somewhat” closely. In California, which already has CCPA in effect, a recent survey of registered voters revealed 88% supported CCPA and 81% believe a federal U.S. privacy law should be as strong or stronger than the CCPA (for more on what U.S. adults think about data privacy, read our article here).
There is unprecedented support from the business community. The chaos and fear that conflicting legislation has started has led the CEOs of 51 tech companies to deliver an open letter to congressional leaders calling for national data privacy legislation that will provide “strong, consistent protections for American consumers” and “a stable policy environment” that businesses need to flourish. These leaders are from major corporations like Amazon, AT&T, P&G, Dell, IBM, SAP, Salesforce, Visa, Walmart, and JP Morgan Chase. Conspicuously absent are those who are regularly found to be in violation and have shown to be poor stewards of their customers’ data (Facebook and Google). It is important to note that some have raised concerns that a single federal law would be more easily influenced and watered down by private interest groups. However, in the absence of any comprehensive federal legislation, consumers and businesses are finding themselves in the worst case scenario, no protection, driving state governments to act.
Current Status of Comprehensive Data Privacy Legislation by State
With data privacy legislation enacted in three states, 19% of the US population is protected. 44% of the population lives in states at some stage of the legislative process, and 34% live in states that have taken no action to date. If state level approval is any indication that U.S. Representatives and Senators from these states will push for national legislation, then a critical mass may not be far off. 20% of U.S. House seats are from states where these laws have already been enacted, and should all those with active legislation pass, this figure will jump to 50%. Considering this is a bi-partisan issue, the election cycle could see those up for reelection campaigning on the issue, or ignoring it for more divisive elements of their party platforms. Here is a summarized visual for each state and the District of Columbia:
Data Privacy Legislative Status by State
Temperatures are rising on data privacy legislation and the legal landscape will become increasingly complicated for U.S. consumers and businesses. July 1st, 2020 will be a key day in the minds of many business leaders. On that day Maine, New York, and California each have data privacy laws that will go into enforcement. Until there is a harmonization of data privacy laws that reduce this unnecessary burden on U.S. businesses and make understanding rights easier on consumers, businesses need to be prepared as best as possible.
Marc Shull founded Marketing IQ in 2009. Best known for bringing a clear vision to client marketing challenges, Marc brings together the best of marketing’s left-brained analytics and insights with right-brained creative and strategy to develop highly effective marketing solutions. Over the last 20+ years, Marc has worked with businesses ranging from regional non-profits to large multi-national corporations across a diverse set of industries including Visa, Party City, Aetna, Del Frisco’s Restaurant Group, General Mills, Miller Coors, P&G, eBay, Intel, Prudential Capital Group, Polska Grupa Farmaceutyczna, Domino’s, Safeway, and Wal-Mart.
Note: On Wednesday, March 17 Marc will be presenting an instructive webinar for any organization concerned with their own CCPA and broader data privacy compliance issues, entitled: Playing Catch Up: CCPA Compliance. Please stay tuned for details and registration information.
Feature photo by Matthew Henry on Unsplash.
