Utah, Georgia Adding Privacy Laws
On this very blog, we discussed how California Consumer Privacy Act would be mimicked throughout the United States. Colorado and Virginia quickly followed suit, and soon the Utah Consumer Privacy and the Georgia Computer Data Privacy Act will be laws on the books.
The Utah Consumer Privacy Act (UCPA) is the latest privacy law enacted in the United States. UCPA’s thresholds and provisions are closely aligned with the Virginia Consumer Privacy Act. The primary threshold for a covered business whether a company makes more than $25 million in annual revenue, but those companies also must hold personal data on 100,000 Utah consumers or derive 50 percent of revenue from selling the data of more than 25,000 consumers.
Experts say the Utah Consumer Privacy Act has no new provisions that businesses haven’t encountered before in California, Colorado, or Virginia’s privacy laws, so organizations in compliance with those mandates shouldn’t be too affected by UCPA. The biggest hurdle to compliance may just be determining whether your organization is required to comply with the law in the first place.
In February, Georgia introduced a bill titled the Georgia Computer Data Privacy Act (GCDPA) that may be stricter that CCPA. Despite the word “computer” in its name, the GDCPA is modeled after CCPA and represents the first omnibus privacy bill introduced in Georgia.
Initial reports about Georgia Computer Data Privacy Act indicate it could be stricter than CCPA, including the requirement for consumer consent to collect data versus allowing businesses to collect personal information prior to consent. Also, GCDPA establishes a definition of “sales” which includes the discloser of data to a third party for any “valuable consideration.” Also, the consumer must first give their opt-in to allow companies to sell their data.
If you have clients in multiple states, odds are good you must or will have to comply with numerous state privacy laws. Partner with 2W Tech to make sure all your regulatory compliance needs are covered. We have a Cybersecurity Compliance Program that will make sure your organization complies with any industry regulations you must follow. Contact us today for more info.
Read More:
Protect Your Organization from Insider Cyberattacks