We are not attorneys, nor do we play them on TV. The following is not meant to be taken as legal advice. Please use this information as part of your own information gathering process.
While the internet has been around for a generation, U.S. laws are still playing catch-up to protect citizens and consumers as technology continues to change the game. Here’s a glimpse at six privacy laws taking effect in 2023:
- The California Privacy Rights Act
- Virginia Consumer Data Protection Act
- Colorado Privacy Act
- Utah Consumer Privacy Act
- Connecticut SB6
- Quebec Bill 64
Approved back in November of 2020, the California Privacy Rights Act (CPRA) is a consumer privacy law that goes into effect in 2023. It is the upgraded replacement to the California Consumer Privacy Act (CCPA) that went into effect in 2020.
According to Termaggedon.com: “the CPRA applies to businesses that collect the personal information of residents of California and do business in California and that meet one of the following factors:
- Have annual gross revenue of more than $25,000,000;
- Derive 50% or more of its annual revenue from selling or sharing the personal information of California consumers; or
- Annually buy, sell or share the personal information of 100,000 or more California consumers or households.
Businesses that receive the personal information of residents of California from their clients may also need to comply with this law via contract, even if they do not meet the criteria listed above.”
Virginia Consumer Data Protection Act
Signed into law in 2021, The Virginia Consumer Data Protection Act (VCDPA) is scheduled to go into effect in 2023. It was designed to give Virginia consumers more rights to their personal data. Privacy policies will need to include specifics if you are a business or person doing business in Virginia or that produce products or services targeted to Virginia residents and that meet one or more of specific.
Colorado Privacy Act
Much like the VCDPA, the Colorado Privacy Act has a period for remedying policy violations. However, with fines of up to $20k per violation or up to half a million dollars for a series of violations, they also have a longer time period to remedy at 60 days. But this leniency only lasts until January 1, 2025.
Utah Consumer Privacy Act
Utah was the sixth state to enact a comprehensive privacy law in March of 2022. The Utah Consumer Privacy Act provides new consumer privacy rights to residents of Utah and imposes various privacy obligations upon certain businesses. Although the law doesn’t go into effect until December 31, 2023, you can start preparations now to ensure compliance before the effective date.
Unlike other privacy laws, the Utah Consumer Privacy Act exempts nonprofits, meaning that only for-profit businesses will need to comply.
In May 2022, Connecticut joined the ranks of passing its own privacy law, Connecticut SB6. The new law will go into effect on July 1, 2023. Like several of the other privacy laws mentioned here, Connecticut SB6 applies to persons that do business in Connecticut or that provide goods or services that are targeted towards residents of Connecticut. Even if these do not apply to you, you may also be required to be compliant if you’re serving as a contractor for a business that it does apply to.
Similar to the Utah Consumer Privacy Act, the Connecticut SB6 does not apply to non-profit organizations.
Quebec Bill 64
If you’re participating in economic activity in Canada, you’ll need to look into Canada’s federal privacy bill, the Personal Information Protection and Electronic Documents Act (PIPEDA). It has been supplemented by the newest Quebec Bill 64 which is different in several ways. Since we focus primarily on brands doing business within the United States, we’re going to leave those details up to you.
What To Do
Some options for generating privacy policies include some of the following third-party providers. We don’t have a favorite, you may want to consider doing your own search. Here are a few options to get you started:
Website Design & Development
We don’t specialize in business law, but we do try to keep up with changes that would effect the brands we work with. If you’re in need of an update to bring your website into compliance or to design and develop a new one, we would love to speak with you! You can contact us by filling out our form, or give us a call.
Sources we used to summarize this info: The 6 New Privacy Laws Coming in 2023 – What you Need to Know by Termageddon, Iubenda’s webinar, & U.S. State Privacy Laws in 2023