Adding to the complex patchwork of federal laws, some states have developed their own statutory frameworks for data protection. Every state has passed some form of data breach response legislation, and many states have consumer protection laws of various types. In addition, California has created a comprehensive data protection regime through the California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020.
The CCPA governs any company doing business in California that meets certain minimum thresholds, including companies with websites accessible there. The law provides consumers with three main “rights.” First, consumers have a “right to know” information that businesses have collected or sold about them, requiring businesses to inform consumers about the personal data being collected. Second, the CCPA provides consumers with a “right to opt-out” of the sale of their personal information. Third, the CCPA gives consumers the right, in certain cases, to request that a business delete any information collected about the consumer (i.e., “right to delete”). The CCPA will be enforced via civil penalties in enforcement actions brought by the California Attorney General.
California Privacy Rights Act (CPRA) – U.S. In California, the CPRA, which builds on the California Consumer Privacy Act (CCPA), went into full effect in January 2023. It expands consumer rights, particularly around the handling of sensitive data, including biometric and geolocation information. Law enforcement professionals need to ensure that data gathered during investigations complies with the expanded rights and the new California Privacy Protection Agency’s enforcement authority.
Virginia Consumer Data Protection Act (VCDPA) – U.S. This law, which became effective in 2023, introduces strict rules for processing consumer data, particularly regarding personal identifiable information (PII). Like GDPR, it grants consumers rights to access, correct, and delete personal data. For intelligence and investigative professionals in Virginia, compliance with these standards during investigations involving consumer data is essential.
Post your comment on this topic.