Heather Buchta Writes InBusiness Phoenix Article About Importance for Business of Effectively Navigating State Data Privacy Laws
With Data Privacy Day approaching on January 28, Quarles & Brady Partner Heather Buchta wrote an article for InBusiness Phoenix about what companies operating in multiple states need to do to ensure they are adhering to the various state laws that govern how businesses protect the data of customers.
Buchta, Phoenix office chair of the firm’s Intellectual Property Practice Group, explained that now is an ideal time for companies to update their data privacy programs, before additional state laws become effective this summer.
Data privacy issues and legislation are poised to gain steam. Since 2018, when California passed the first comprehensive data privacy legislation in the U.S., 11 states have passed similar legislation, with the promise of more on the way. As of the end of 2023, the statutes in five of those states are effective, with Utah joining California, Virginia, Colorado and Connecticut. While ongoing legislative sessions are expected to yield additional statutes, it is unlikely any new legislation would change the landscape for 2024. Generally, state legislatures are building in effective dates ranging from 9–12 months to 2–3 years out. The result is that the roadmap for 2024 privacy compliance is set, barring any legislative surprises.
If a business does not yet have a privacy program, now is the perfect time to look across all 11 existing laws and incorporate their basic shared tenets into a base privacy program. Doing so does not have to be a heavy lift, as the shared tenets are straightforward and center on three things: transparency, notice and choice.