Printer Friendly, PDF & Email

Are companies prepared for new state-level data privacy bills?

Bill Tolson ( is Vice President of eDiscovery and Compliance at Archive360.

There was a time when mandates like the General Data Protection Regulation (GDPR), the sweeping data privacy legislation that governs the European Union and European Economic Area, and its California cousin, the California Consumer Privacy Act (CCPA), dominated the headlines. For too long, personally identifiable information (PII) had flown freely between businesses, and been misused and abused along the way. The new regulations were onerous to be sure, but certainly needed to restore even basic privacy. No wonder that there are now many similar laws around the world.

However, ever since GDPR and CCPA went into effect, there’s only been a trickle of privacy laws passed in the United States.

That may be about to change. Dozens of data privacy bills have already been forwarded for debate in states around the country, and by 2024, it’s likely that almost every state will have its own flavor passed into law. There’s surely some overlap, but there are specific provisions that are wildly different.

Preparing for these laws will take significant resources, and forward-thinking enterprises have begun putting the necessary layers in place. But how about the rest—are they as ready as they need to be?

This document is only available to members. Please log in or become a member.

Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field